I'm trying to give one our BA's the ability to make changes to a workflow that was created with Sharepoint designer. After some trial and error (i did not try all combinations) adding them to the Site Administrators group seemed to be the only thing that worked. In this case it's only going to be a temporary elevation of permissions. Has anyone determined what the minimum permissions that a user needs to be able to publish workflows on a site?
2 Answers
I tried using the permission level "Manage Lists" as suggested above to not success. However setting the permission level on the workflow list to "Contribute" worked. Not sure if it's the absolute minimum permissions but it's close enough
Thanks to Sean for pointing me some good information on how permission is not inherited from the site because it's a hidden library. I've copied the information from Sean's post on how permissions works and how to set it through sharepoint designer.
quote from :http://blogs.msdn.com/sharepointdesigner/
... the Workflows document library is a hidden library in the site that by default does not inherit permissions from the site. When you create a site, the Workflows library gets the same permissions configuration as the site, but any permissions changes that you subsequently make at the site level — such as disabling Manage Lists — do not automatically trickle down to the Workflows library.
To manage permissions for the Workflows library, open the site in SharePoint Designer >> right-click the Workflows library >> click Properties
click the Security tab >> click the link “Manage permissions using the browser”.
The "Locking Down SharePoint Designer" entry on the SharePoint Designer Team Blog (http://blogs.msdn.com/sharepointdesigner/) sheds some light on how permissions are controlled for the Workflows document library. Relevant section:
... the Workflows document library is a hidden library in the site that by default does not inherit permissions from the site. When you create a site, the Workflows library gets the same permissions configuration as the site, but any permissions changes that you subsequently make at the site level — such as disabling Manage Lists — do not automatically trickle down to the Workflows library.
To manage permissions for the Workflows library, open the site in SharePoint Designer >> right-click the Workflows library >> click Properties >> click the Security tab >> click the link “Manage permissions using the browser”.
There is some additional contextual information that may be of use, but the jist of it (that I took away) is that the "Manage Lists" permission is used by default.
To apply this in reverse: you should be able to go into your specific site's Workflows library (via SPD, at least initially) and verify that "Manage Lists" is the permission level needed to work with the library. You sould then be able to change that or add your specific BA to the list.
I hope this helps!