Whilst investigating another problem we were experiencing on the SharePoint site, we stumbled upon some User Profile and Properties options. We had previous been looking at storing additional fields against a user to hold information such as leave entitlement and leave remaining. The properties of the user can be edited and custom fields can be created. The image below shows the administration centre where these additions can be made.
We were able to add the two additional fields that we require at this stage in testing and development. We were also able to read the values of the two fields and have them returned to the user in an email using a workflow. However we quickly discovered that it appears to not be possible to write data back to the fields. In this instance this would allow us to keep track of the number of days leave a user has remaining.
For the last week now, Michael and I have been struggling with a very persistent workflow issue. An approval workflow that we have created, works fine when it’s started by an administrator, however when it started by a regular user, then the approval process won’t work. The workflow is activated with the permissions’ of the user that started it, not the permissions of the approver or the author. It isn’t currently an issue for the work we’re doing, but it will need to be fixed for use in a real world environment. Googling the problem didn’t seem to help, there were too many vague “fixes”, that required complicated multiple workflows that never seemed to work. There didn’t seam to be a solution to this problem anywhere on the internet. However, I then remembered that someone gave me a large SharePoint 2010 book as a “congratulations for getting the job”, so I decided to see if I could find a solution in there. The solution showed itself almost immediately.
The answer is: High-Privilege Workflows. I found this solution to be extremely easy carry out, and it solved our workflow problems 100%. A high-privilege workflow runs with the permissions’ of the person who created the workflow. While editing the workflow, you simply click in the area just below the first step, go to the “insert” section of the ribbon bar and click “Impersonation Step”. This adds a new step into the workflow that carries out the actions within it using the permissions of the workflow author.
I find it embarrassing that the solution was so simple, however I thought I might write a post about it, incase any others users were coming across the same issues.