I am working on a project in which a task needs to be assigned to users that potentially belong to two groups. For example - users which belong to Company A and also are User Type B. Is it possible to have two columns in the task list and require the workflow to assign the task only to users which are members of groups in both columns?
I don't think this can be achieved with the OOTB approval workflow since you have to get the intersection of users from both the groups. The simplest way will be to create another group which will contain only users which belong to Company A and also are User Type B.
You can maintain this group manually or in SP2013 create a SPGroup User added event receiver which will automate this process.
http://www.c-sharpcorner.com/UploadFile/anavijai/create-groupuseradded-event-receiver-in-sharepoint-2013/
Related
There are some tasks which are assigned at group level. Then there is a list which depends upon the groups, having people only from the assigned group.
I wanted to show the tasks which are only assigned to the person who logs in.
Showing the tasks to whom they belong, covering both conditions: whether he/she is a member of the group, or the task is assigned to him/her specifically.
I have an enterprise application in Azure with some roles defined, let's say:
professor role
student role
staff role
Then I have some Active Directory groups which are nested, like:
root professor group PROF
nested professor group PROF1
nested professor group PROF2
and many more similar, even more nested...
root student group STUD
nested student group STUD1
nested student group STUD2
and many more similar, even more nested...
root staff group STAFF
nested student group STAFF1
nested student group STAFF2
and many more similar, even more nested...
I can assign users and AD groups to those roles. However, when I want to assign a group to a role, it works only when a user is a direct member of the group. If, for instance, I add the whole group STUD to a role, it does not work with role assignment. Therefore I have to add all the single nested roles to the role, which is quite time consuming.
But that would have been acceptable as a one-time solution. Bad thing is, there are new groups and users constantly. And I'd have to keep the role assignments up-to-date manually all the time.
Ideally I'd like to say: everyone from the STUD root AD group gets the student role etc. Apparently this is not possible:
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15718164-add-support-for-nested-groups-in-azure-ad-app-acc
Is it maybe possible to do it via some automated script? Maybe you have some other ideas?
Thanks in advance!
As you've discovered, Azure AD currently does not treat nested groups nicely for a variety of situations, and as you have found in that thread that you posted, Microsoft is starting to work on a workaround.
So the question is how much effort do you want to spend on trying to implement something that will likely be some kind of built-in functionality in the medium term when Microsoft releases a solution?
There are things you can do, like write a PowerShell script to flatten a group, for example. But you would call that manually. To keep it clean, I would create a parent group for each application registration role. E.g., create like a group called app_x_prof or something, put the prof group in there, then flatten that. But that's still pretty manual.
If you really wanted to automate that, there are ways. E.g., you could combine creating app role specific groups, add nested groups to that, then run a Power Automate (Flow) that you make periodically that goes through those specially named groups to grab all the users from nested groups and copy them to the root group.
All depends on how much effort and time.
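The flattening step described in this answer, together with the two-group intersection from the first answer on this page, as an added example that is not part of either original post. It runs against a constructed in-memory directory; the `u:` prefix for users, the group `app_x_student` and the function names are assumptions made for the illustration, and a real script would read and write memberships through the directory's API instead.

```python
# Constructed sample directory (not real data): group -> direct members.
# Entries starting with "u:" are users; everything else is a nested group.
DIRECTORY = {
    "STUD": ["STUD1", "STUD2"],
    "STUD1": ["u:alice", "u:bob"],
    "STUD2": ["u:carol", "STUD2A"],
    "STUD2A": ["u:dave", "STUD"],           # cycle back to the root
    "CompanyA": ["u:alice", "u:dave", "u:erin"],
    "app_x_student": ["u:alice", "u:zed"],  # flat group assigned to the app role
}


def flatten(group, directory):
    """Return every user reachable from `group` through nested groups."""
    users, seen, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:  # already expanded: guards against cycles
            continue
        seen.add(current)
        for member in directory.get(current, []):
            if member.startswith("u:"):
                users.add(member)
            else:
                stack.append(member)
    return users


def sync_plan(source_group, flat_group, directory):
    """Users to add to and remove from the flat group so it mirrors the source."""
    wanted = flatten(source_group, directory)
    current = {m for m in directory.get(flat_group, []) if m.startswith("u:")}
    return sorted(wanted - current), sorted(current - wanted)


def in_both(group_a, group_b, directory):
    """Users who are (transitively) members of both groups."""
    return sorted(flatten(group_a, directory) & flatten(group_b, directory))


if __name__ == "__main__":
    print(sync_plan("STUD", "app_x_student", DIRECTORY))
    print(in_both("CompanyA", "STUD", DIRECTORY))
```

The removal list matters as much as the additions: a user dropped from a nested group keeps the app role until the flat group is pruned on the next run.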
Can you add a user to multiple groups in one login?
No. A user can only belong to one group max. In the UI you can only select one and via API you can only specify one group_id.
Yes. You can add a user to multiple groups at a time provided your application separates your Authorization logic.
For example, if you have 3 groups, i.e., Customer, Manager and Administrator, then the customer must have a different login interface where only customers can log in, the manager must have a different login interface where only managers can log in, and so on. This can be achieved, but it consists of a lot of code-related tweaks to be done.
But the recommended approach is to assign a user to one specific group and manage the permissions at group level.
I want to create a "global" group, which I can use to grant access to different site collections.
I.e.: I can give readers rights to collections 1 and 3 and no rights to collection 2.
Is it somehow possible?
I tried to create the group in CA, but I can't see it in the groups management.
You cannot create such groups, as SharePoint groups have site collection scope. When you create the same group (with the same name) in two site collections, they are still different (have different IDs). Only AD groups can be used across several different site collections.
I want to use the three state out of the box workflow in SharePoint 2010.
My problem now is that I can only assign a task to one user for a step. (It is not possible to add a second person in this field.)
Is there any way to assign a task to a group? Like an Exchange group or something else?
You are correct that multiple users are not allowed for the field. But you can assign the respective task to an Active Directory group. If you would want more customization you would need to implement the workflow yourself.