I have used the 3rd party workflow solution from Codeplex for some time now successfully for the actions and conditions which are not provided out of the box by MOSS2k7 Standard, but am now running into issues with the permissions rewriting part of it making
permissions hard to enumerate/control.
I basically can assign permissions dynamically to users or groups in the workflow, but they always add a 'limited access' permission at the top level of the list itself and the site for that user or group, even after the permission is removed from the
list item using the workflow or set back to 'inherit parent's permissions'. What mechanism do other admins use to ensure that these 'limited access' permissions do not simply build up and increase to include all users in the organisation eventually, other
than manual pruning? Would I not hit a limit on how many permission assignments I can add to a list or site eventually?
My scenario is that for a several stage approval process, the business wants the approvers to be sequentially granted contribute access and the author's access made read only after submission, but the approver's cannot belong to a sharepoint group (authoriser
could potentially be anyone)
Sincere thanks in advance to anyone that can advise on this. If it makes any difference, we are just using this on normal custom li
View Complete Post