Providing authenticated site Visitor w/contribute permission on list and associated workflow but they are unable to start the workflow. Getting Access denied.

The initial challenge was that I needed to allow users (employees on our intranet) to submit a form anonymously on a site (Office365 Enterprise version of SharePoint) they are authenticated on. They needed to fill out info, hit submit, and have that info be emailed to another individual in our company. 

The solution I found and thought would work entailed:

Step 1: creating a custom list

  • Disinheriting permissions for list from parent
  • Adding Contribute permissions for the Visitors group.
  • Adding a single item to the list.  

Step 2: creating an associated list workflow in SharePoint Designer 2013.

  • Chose to Manually Start workflow
  • Adding my form fields via the Initialization Form Parameters.
  • Chose Send as Email Action /formatted with fields from Initialization
  • Disinherited permissions from parent and then changed permissions for Visitors on the actual initialization form (WFInitForm.aspx)
  • Disinherited permissions from parent and then changed permissions for Visitors on the associated Task List
  • Disinherited permissions from parent and then changed permissions for Visitors on the associated History List
  • Some other miscellaneous tweaking for usability that aren't really related like hiding the custom list from the browser, changing Start to Submit on the WFInitForm, modifying where the cancel button directed user, and a couple others.

Step 3: Copied the Start workflow URL from the list item ribbon and added it to a link on the Home page of site.

Step 4: Published

During the course of troubleshooting I turned "Limited-access user permission lockdown mode" off in the parent collection features.

I'm not sure if this would affect anything but Publishing is turned On for the site collection but was left OFF for this sub-site.

Anyway, when I enter the site as a Visitor and click on the link to start the workflow I get an Access Denied message right away and am given the option of requesting permissions.  If I add Contribute to the Visitors group for the site, then the workflow starts. But Visitors can't have Contribute on the entire site. They need to have Read for most things and Contribute on just a couple. 

I feel like I've missed an item that I need to change the permissions on but don't know what item. Any ideas? 



August 20th, 2015 3:06pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics