MOSS 2007 - Should I create a custom workflow or not? - sharepoint

I have a scenario where I want a user when viewing a list item to be presented with a custom action to create a site. This is pretty similar to the scenario provided in the MOSS 2007 SharePoint Guidance. What makes it different is that I want the site created with the url and name taken from the list item, and then a web propertybag value set. The only user task after the site is created is for the site collection administrator to add some specific user rights to it.
I can do everything apart from prompting the user to set the site rights via the object model so should I use a workflow or just code it straight?

The benefits of a workflow would be the ability to track the task and whether it has been completed or needs escalation etc.
The answer to this question is going to be found from your own staff on how they want to manage the tasks. An email notification may suite them better. Check with them on whether the benefits of a workflow are going to be worth the development cost.

Related

Secure the 2-stages approval application using SharePoint & Power Apps & Power Automate

We have a travel request application. where a user submit a request which should go into 2 stages of approval process before it gets Final Approval.
Now we did the following:-
Create a SharePoint list which contain those fields; Title, Description, StareDate, EndDate, FirstApproval (the requestor direct manager), SecondApproval (the requester regional approval), Statues (system-generated with those options; open, first-approved, second-approved, Final-Approved).
Power Apps, which send emails to the first-approval and the second-approval users , and show-hide the Approved & Reject buttons based on the item status.
Power Automate,to set item-level permissions, so for example when the item needs first-approval only the approval's direct manager can edit the item, while all stakeholders can read-only.
now the process is not 100% secure, as a requestor using API call or using SharePoint built-in forms, can easily create a new request and define its status as Final-Approved. so in other words the requestor can bypass the Power Apps business logic. so how we can secure our process? so if an item has a status = "Final-Approved", then we can 100% sure that it actually went through the 2 approvals users?
One Approach i am thinking of, is as follow:-
To create additional SharePoint list >> which stores the ItemID + ItemStatus.
Grant all users Read-Only on this new list while grant the service account Contribute.
Update this new list from Power automate Only. so for example only if the submitter's direct manager did the approval, to change the status inside the new list to First-Approved, and so on.. Also only if the submitter's regional manager approve the request + there is already an approval from the direct manager to change the status from First-Approved to Second-Approval.. so what ever the status is inside the new lit i can be sure that it has not been hacked, as end-user will have read-only on this new list.. can anyone advice please?
Thanks
I believe this question is not unique to you, many SharePoint developers need to make specific configurations or use some artifices to ensure a certain process developed in SharePoint.
Using exclusive/custom permission control into List and uses the PowerAutomate layer to conntrol List Item permission only to approver will secures some update from Rest API, for example.
If you want to block New Insert items and/or block Update items by PowerApps, you can substitute the instruction into "OnEdit" and/or "OnNew" events using ResetForm(SharePointForm1);; RequestHide();; with this instructions in these events block some user to create or update SharePoint Items.
Into SharePoint list settings, in advanced settings, you can disable attachments, disable comments in list item, disable search, disable quick edit, disable launch form in dialog.
I think that's all.

Is there a way to create a work "handoff" flow in SharePoint? Where users complete a task and sends it to other users to complete additional tasks?

All,
I'm new to SharePoint, and I was wondering if there was a way to have a group of users complete a task (perhaps a form that needs answered), and then have that form, or the answers given in that form, be sent to another group of users to look into and follow-up on? Perhaps it could be moved to a specific folder?
Google hasn't turned up much of anything in the way of clear answers.
The mechanism you are mentioning is like a SharePoint Approval workflow or an approval flow.
Just like teylyn said, you can choose SharePoint Designer workflow or Power automate depends on the version of SharePoint you are using.
How to determine the SharePoint version I am using.
And SharePoint has its own built-in approval workflow template for directly use. It is a bit old but easy to configure and ready to be used.
An example for SharePoint designer 2013 platform approval workflow here.
2010 Platform approval workflow
One thing just for your notice, there are two different types of workflows, 2010 platform workflow and 2013 platform workflow. You can create a 2010 platform as long as you installed SharePoint Designer. However it is needed to install and configure workflow manager to use 2013 platform workflow.
Flow tutorial here.
Hope to be any help.
In SharePoint Online, you can use Power Automate to create business logic workflows, using fields in a SharePoint list that store the current status of a task and information like next reviewer, etc. The Power Automate flow can be either triggered by a button in the form (in which case you would want to design the form with PowerApps) or whenever the item in the SharePoint list is modified.
In SharePoint on premises you can create SharePoint Designer workflows to achieve the same thing.

SharePoint OOTB workflows 'Failed on Start' when started on create but can be started manually

I'm using the SharePoint Three-State workflow for a complete and then validate scenario on an InfoPath form. A web service creates the instance of the InfoPath form in the library. The idea is that the workflow will get a particular user to complete the form and then gets a manager to approve it. Simple stuff really.
The workflow fails to start unfortunately. The log shows an argument exception when it tries to start the workflow. Strangely it runs fine when manually started so that rules out the association data being incorrect. I've also tried this with other OOTB workflows such as Approval. I've thought it might also be the creation of the item through the web service but then it all works in my development environment.
I'm hoping someone might be able to contribute what I'm forgetting to check.
What identity is your workflow attempting to start under? If it is the SharePoint System Account, that account cannot start declarative workflows, as documented in this SharePoint Designer Blog post on MSDN.
This same problem impacted one of our workflows, where a web part programmatically created a list item and our workflow was set to trigger on item create and update actions. Manually creating items or manually running the workflow worked because it happened under our personal credentials.
Our solution was to simply create a service account in AD that the web part could impersonate. Once the list items were no longer being created under the System Account, the workflow worked as expected.
If you are receiving an argument error, I would check that the workflow is not referencing a field that would not be populated at the time of creating the list/library item. If you reference something like the ID field or a calculated column this field would not be available.

Getting a manager to authorize/verify details on a form

Scenario
I have an InfoPath form. the user fills it in the details, and then a manager checks it over for accuracy. The manager then signs off the form to say that they are happy with the details and then the form gets submitted.
This process does not happen every time and its purpose is to validate that the user is performing the job to an adequate standard.
It is this sign off process that I need help on.
I need an easy way to authenticate the Manager. and associate the authentication with the form.
Environment
IIS6, Sharepoint 2007, SQL Server 2005, Infopath 2007, Windows XP.
I have considered using digital certificates but it seems to be overly complex for what I am trying to achieve, however happy to be proven wrong.
The easiest/simplest way would be to activate approval on the forms library and give the manager(s) the Approve permission. This way users can submit forms that remain in a draft state until a manager approves them. Draft forms will be visible only to their author and the managers. The manager that approves a form will appear in the
If you need something more than this simple 2-step process you can activate the out-of-the-box approval workflow on the forms library. With this you can define multiple approval steps to the process, add task notifications to managers etc.
As far as authentication is concerned, SharePoint checks the roles/permissions assigned to users and forms internally so you don't need to do anything more.
Certificates are serious overkill for simple approval. Certificates cryptographically sign the content of a form and guarantee that its content was created by the owner of the certificate. Sharepoint already keeps track of who created and modified a document and can also keep track of document versions, so you don't need certificates unless you have some strange legal requirements.

Viewing a MOSS 2007 page as another user would see it - without logging in as that user

In Moss 2007 you have the ability to set the target audience for each individual web part within a page. Is there a way to preview how the page will look to another user without logging in as that user? What I am looking for is a way for someone with full control/design permissions on a site to be able to preview how the site will be displayed to another user. Any suggestions?
I have a few test accounts that our IS department uses to preview pages, however we do not allow non-IS departamental staff to use those accounts. Those staff members only have access to their one account. So, if a user makes changes the target audience on a web part on one of their pages, right now they have no way to preview how the page will look to someone else other than asking someone else to login & watching over their shoulder. I can't give out the account information for the test accounts, nor can I create new test accounts.
Thanks!
Edit: I have the ability to preview. The problem is that other users with full control of a site can't preview the page. Here's a scenarios: In my school division each school has a site. The principal has full control of his school's site. On the landing page, he wants all the school announcements to be visible. However, some should only be visible to teaching staff, while others need to be visible to the students. He uses audience targetting but cannot preview to see at a glance that the targetting is correct. A lot of the users are not computer savy so things need to be as simple as possible. Also, that was just one scenario, there are other scenarios that are not divided by school. There are many users with full control of a site with different requirements - so it's not feasible to create test accounts for all scenarios.
First I don't think it is possible to have a preview feature if you are using NT security. Maybe it is something you can do with forms authentication but I never used it.
On that subject. I think when you are developing new features or integrating stuff on a MOSS/WSS server you need a little flexibility.
With what I see you have to following things you can do. It is surely more cost effective than developing a custom solution. I assume you are using NT Security.
User accounts : Ask your domain administrator to have dedicated user accounts to play with.
Virtual Machines : Ask to have some virual machines to be able to play with that server combined with tests accounts
Sandboxed environment : Ask your IT dept to create a sandboxed MOSS environment to have to possibility to replicate your actual MOSS environment and create custom user scenarios.
Edit: After re-reading the question I released that you want the users to be able to preview a page. I think you will need to look into writing a preview control that uses Impersonation to load the page. Not sure how feasible this is, but surely someone has created a preview feature. Sounds like a pretty common scenario to me.
Old Answer:
Could you not fire up a non MS browser such as Firefox, which will prompt for the username and password.
You can then just clear the session cookies to be prompted to log in as someone else.
This is the technique I used for an ASP.Net site that used authentication against the domain in a similar manner to SharePoint.
Alternatively, you can create a control/webpart that hooks into the audiences for the site and displays the audience membership to the user (maybe from the GetMembership call). This does not preview the site, but it will give your editors a heads up on who is in each audience. Something that will help them get the audiences correct.
We have made a similar webpart for security group membership.
I think there are two approaches you can take:
Do make use of test accounts to preview the pages. You can ease the "pain" to log in as another user by making use of the RUNAS command (http://technet.microsoft.com/en-us/library/bb490994.aspx). So it's possible to just create a shortcut on the desktop that opens a browser making use of another account's credentials. Only that browser instance will work with the test account.
Make a copy (or more copies) of the page that you want to preview, store it in a secured site (so it's only accessible for the principal for example), and tweak the Audience Targetting properties of the web parts on that page/pages.
For previewing target audiences only, the only way to do it is to create a target audience that runs based on a properties in the SSP User Profile Properties.
You can then have a control that allows the editor to change the value stored thier profile, re-compile the profiles and voila (for some description of voila) the user will have change thier audience targetting values to something else.
This would need quite a bit of coding and some thought put into the rules for the audience targetting.
At the end of the day, the most cost effective way is to push back to your infrastructure guys for an account solution that will allow you to have an "reader" account people can use for this function.

Resources