Here is some good starting information for how to manage permissions using a SharePoint 2013 workflow and the REST API. You can use these actions to update permissions so that on change only the people who you either declare or are in the Assigned To have contribute, and everyone else you can grant read. 

In this case i use the Plumsail Workflow Action Pack: https://plumsail.com/workflow-actions-pack/

It's very simple to use.

Heiko, I am facing this same issue. Can you explain how you got around it. Once I assign the task, the workflow is waiting for tje task to be comple and i cannot run any morae actions until then. How can i change the permissions on the task ?

This is the reason why I use the plumsail Workflow action pack as extension to the SPD 2013 Workflows.

There is an activity to set the permission for the actual item in the list.

As example:

In your workflow use this activity to remove all permissions (1) then set the permission to read for Users and only write permission to the user who is assigned to the task (2).

When the task is finished set the permission back to inherit it from the list (3).

The activities use an special User to set the permissions – you can define it in the site settings.

I hope this helps you – feel free to come back when you have additional questions.

HI Heiko,

I'm new user of sharepoint and I don't know many things:)

I have to preapare flow and during it I have to change permission for item (list item).

I tried to do it by using your instruction, but it seems not works as I expected.

User with contribute permission (all our employee have the same access) create item on list (list setings - user can see only documents created by him) . Flow is started directly after creation item, the first person is manager of this employee. And he received mail from flow, can accept or reject, but can't see this item on list. Inside mail from flow is link to this item and of course he isn't able to see it.

I thougt that if I use Plumsail solution will be possible grant access to item for manager, so he would be able to open item.

I used Plumsail and still manager can't open/see item.

Please let me know if this is possible to have such functionality?

Regards

Ula

Hi Ula,

I didn’t use plumsail with flow.

I used the older version with a SharePoint Designer workflow – and this works perfect.

But I should think it must work also with flow.

Do you set the permissions correctly?

Best way for this case is to remove all permission and then set the permission for the necessary people.

Is flow working without an error?

I don’t use flow, because in the meantime we have a better solution for Workflows.

Hi, thanx for your replay.

Yes, workflow works correctly.

I did exactly as you described. First delete permission, than grant to employee and manager (in one step, in two steps - because in one step didn't worked), after step with approval I restored permission.

Lokks something like that:

If you worked in SharePoint Designer you got functionality as I described in my previous post?

Maybe my understanding is not correct?

Regards

Ula

I mean flow is running under your account.

You are site collection admin?

When you remove all permission then you remove your permission too.

Try to not remove all permissions – remove only the default user permission. Leave your permission.

But then flow I running into a failure.

In SharePoint Designer I got the functionality you need.

But there I can use special permission (site admin account) for the plumsail action.

Sorry, I don’t have enough experience with flow.

Thank you once again:)

Yes, I have admin rights to this site collection.

I will try it once again, probably not only once:)

I don't know how to remove only default permission. Maybe I'll contact with Plumsail, and hope they know how to solve it.

Have a nice day.

Regards

Ula