How to Configure Item Level Permissions during Approval via A SharePoint Designer Workflow
I had a requirement to enforce permissions on documents uploaded to a library after approval by a workflow. Before being uploaded documents could only be seen by users who had higher privileges or their own submissions. The approval workflow already existed, created in SharePoint Designer and needed to be modified to enforce permissions once approved. The steps below are mainly for a new workflow but it’s simple to use for editing a workflow.
Here is what you need to do:
- Create a new Document Library (e.g. Policy Documents)
- Go to Document Library Settings > Permissions for this document library
- Click on Stop Inheriting Permissions command from the ribbon
- Revoke permissions for all but few important groups (e.g. Owners and Members). You must leave in the System Account otherwise you will have permissions problems.
Please note: Steps 2. – 4- are optional but workflow is going to be much simpler if there is less permission to manage.
- Open your site in SharePoint Designer, and select Workflows option and your list from the ribbon
- Type the name for the new workflow (e.g. Policy Approval Permissions)
- Insert a new Impersonation Step. This special step runs each activity as workflow author.
Make sure workflow author (you) has proper privileges to manage permissions for this list.
- From the list of workflow actions choose “Replace Item Permissions”
- Click Replace these permissions (There are other actions available when you click inside, depending on your requirements)
- In the dialog click Add
- In the Choose permission to grant dialog click Contribute, and then click Choose… button
- Add User who created current item to the Selected users list
- Click the workflow name (e.g. “Policy Approval Permissions“) to manage workflow settings
- Make sure you have selected the correct Start options
- Publish your workflow
Once a user adds a document to a document library this workflow will revoke permission from other users and grant contribute permissions to the document author. You can set other permission levels within the same action, for more than one user or group.
Note once a document has been uploaded and is within the workflow process, no one can change properties until it is approved, except the approver.