Hi Everyone - Thanks in advance for your help!
Here is what is happening:
- A user has "read only" access to a site through an AD group. They also have "read only" access through that same AD group to the task list on that same site but it doesn't inherit permissions.
- A workflow is initiated when a task is assigned to the user that gives "Contribute" access to that user on that specific list item. I have verified this through checking permissions on that item. I can see they have both the read access through their AD group and Contribute permission individually.
- When the user opens the task it appears as if they have the access needed becasue they can see all the appropriate buttons. (Approve, reject, cancel, reassign, etc...)
- When the user selects one of the buttons they get the access denied message.
What am I missing in order to give the ability to the owner of the task to allow them to complete it or save changes to it?
Is there a permissions best practice when the desired outcome is that the owner of the task is the only one who can 'approve' or 'reject' the task. Where everyone else can only view the task?
See screen shots below. - Again thanks for all your help!