SPD2010 Reusable workflows with dynamic security groups through workflow lookups

Recently I worked with a client that required a central expenses process. This process was going to use a global reusable workflow process, but had to have security configured at a local level. This gave us some problems as SPD global reusable workflows don’t have any visibility of local groups during the creation phase.

To get around this, I used association parameters to collect the name of the local SharePoint group that contained  the local finance team accounts. This group was created locally in the team site by the site admin and as the workflow was associated with the Expenses library, the association parameter stored the name of the group created.

To use this in the workflow, I did the following:-

  • Create the new reusable workflow (aligning it to a content type if you choose…), and choose Initiation Form Parameters in SPD2010.
  • image
  • Click add and create a new Field
  • image
  • Click next and OK.

Now returning to the workflow itself and add an Impersonation step. (We require this as we’re going to be changing list item permissions and the user may not have that access.)

  • image
  • Add another step inside this (I do this purely for clarity) and then add a replace permissions action. (This will remove all existing permissions on the item and place just these permissions on it.)
  • Click on “these permissions” to bring up the permissions editor., then click Add.
  • image
  • The permissions editor gives us the ability to add multiple permissions to an item, using SharePoint groups or context items through a lookup.
  • Click on Workflow lookup for a user, then add.
  • Change “Current item” to “Workflow Variables and Parameters”
  • Then “Field from source” to “Parameter: Finance Security Group”, and ensure that it’s set to “As String” because we want the group name.
  • image
  • Click ok, define any other permissions for the item that you want, then publish your workflow.

At this point, we’ve deployed our workflow globally, but it’s not been associated with a list. Browsing to our list in SharePoint, I’ve added the content type that I aligned the reusable workflow with, selected that content type and clicked add workflow.

At this point the familiar Workflow association screen pops up, as it does with every out of the box workflow, I’ve left it as manually started, and then click next. Now we see an Association form that’s been created by SharePoint designer when we added Association fields.

image

We type in the name of our local SharePoint group, and then save the changes. The workflow is now associated with the library and content type.

Kicking off the workflow, i can now view the items permissions through “Manage Permissions” and see that my group now has the relevant permissions on the item.

image

I hope this proves useful for you.

Paul.

1 ping

  1. […] SPD2010 Reusable workflows with dynamic security groups through workflow lookups […]

Leave a Reply

Your email address will not be published.

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.