Everything SharePoint and XAML

My continuous learning of SharePoint, XAML, Silverlight, Windows Phone 7, Windows 8, Office, VSTO, C#…

Approval Workflow Knowledge

Posted by Steve Pietrek on May 2, 2008

I am working on a custom workflow solution. While testing my solution out, I realized a workflow initiator could approve workflow they initiated even though the task was not assigned to them. 

To see what Microsoft does and hopefully clear my confusion, I created a brand new document library named “Incoming Resumes”. I created a default approval workflow named “Incoming Resumes Approval” – I only set the approver to be Mary and put in a custom message. I created two users, Sam and Mary. Sam is just a contributor. Mary is an approver.

Here’s what I did:

  1. Sam created a document and added it to the “Incoming Resumes” document library.
  2. Sam manually kicked off the workflow (only option).
  3. A new column named “Incoming Resumes Approval” was added to the “Incoming Resumes” document library. The new document now had a status of “In Process”.
  4. Sam clicked the “In Process” link and the Workflow Status page was displayed.
  5. In the history, Sam read when the workflow was started by herself and Mary is the only participant. A task was created for Mary.
  6. In the Tasks section, Sam clicked the task title and displayed the Task Edit form. Hmmm.
  7. Sam was able to click the Approve button and approve the workflow – even though it was assigned to Mary!

This is something I did not expect. After some research, there is a setting on the second page of the approval workflow association form “Allow changes to the participant list when this workflow is started”. By default, this option is checked. If this is checked, the workflow initiator can make changes. To avoid this issue, uncheck this option. Unchecking this option will rollback any changes the workflow initiator has made and display the message: “Task update was not accepted”. All in all, I guess it makes sense. If the workflow initiator can assign to someone else, it also means they can make changes herself.

A couple observations:

  1. Although a user may not have a permission of approver DOES NOT mean they cannot approve workflow.
  2. There appears to be a usability issue when the “Allow changes to the participant list when this workflow is started” is not checked. Why should a user be allowed to view the Task Edit form, make changes, click the Approve, and then see an error message that they are not allowed to make changes because the task is assigned to someone else. I know you could disable the Task Edit form options in a custom workflow but why not in the out-of-the-box experience. The Approve/Reject buttons are disabled if you view the Task Edit form after a task is completed.

Update 1: Interesting, reviewing the form, the “Allow changes to the participant list when this workflow is started” control in InfoPath is named “InitLock”.

Sorry, the comment form is closed at this time.

%d bloggers like this: