MOSS Tells Me “Access Denied” to Edit a Workflow Task, But I Really Do Have Access

I’ve implemented a workflow using SharePoint Designer in a site which is mainly read-only to "NT_AUTHORITY\Authenticated Users" (i.e. everyone).  There is a forms library for an InfoPath form.  There is an associated workflow tasks list as well so that when the workflow operates, it can assign tasks to people.

I break permission for the forms library and task list so that any authenticated user can create forms and update their assigned tasks.

I test with my low-privileges test account. 

Can I fill out and save a form to the library? –> YES

Can I access the task from an email link? –> YES

Can I see an Edit workflow task link? –> YES

Can I click on that link?  –> NO … Permission Denied.

Why can I see an edit link that denies me permission when I click on it?  That’s not how it’s supposed to work…

I go through the security configuration again, very closely.  I do it again.  I consider deleting this post because I obviously don’t know anything about security.

Finally, I search the Internets.  I find this highly unlikely MSDN forum thread:  http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1838253&SiteID=17

The posters appear to be suggesting that the simple act of exporting the workflow to a drive platter will fix a MOSS security issue?  I can hardly believe I just typed that.  I’m reminded of the South Park episode about the 9/11 conspiracy where Stan is asking our Preznit, "Really?" over and over again. 

So, nothing to lose, I fire up SPD, right-click on the workflow and save it to my c:\ drive.  That would be the c:\ drive on my laptop.  I’m looking over my shoulder the whole time so that no one will ask me, "why are you saving that workflow to your laptop?"

Incredibly, that solves my problem.  I can edit the task.

I hereby nominate this to be the Most Bizarre Workflow Workaround of 2007.

</end>

SharePoint Designer, Current Item’s “Encoded Absolute URL” and HTTPS

We often want to send an email that includes a hyperlink to the item or document that triggered the workflow.  We can use current item’s "Encoded Absolute URL" for this purpose.  However, it always seems to use "http" for the URL protocol.  If your site runs on HTTPS then it will not work for you.

As far as I know, there is no out of the box solution to this problem.  If you need to use HTTPS, you have no out of the box option.

To solve it, create a custom action that provides a string replace function to use in your workflow.  Alternatively, use a 3rd party tool such as the excellent package here: http://www.codeplex.com/spdwfextensions 🙂

</end>

Quick and Easy: Determine Internal Column Name of a Site Column

UPDATE: Jeremy Thake has blogged about this and put up some code for a console application that shows internal names.

I was trying to get a content query web part to display a due date from a task and because the screen label is "Due Date", I assumed that the column name to use in <CommonViewFields> is "Due_x0020_Date".

Wrong!

The real column name in this case was "DueDate".

How did I find it?  I re-read Heather Solomon’s blog entry on modifying CQWP to show additional columns of data.  She describes this process at step #13.  Trust it.  It’s correct.  At least, it was correct for me.  I did not trust it at first for another column with a much longer name.

I say "Trust it" because I did not trust it and probably wasted near two hours butting my head up against a wall.  After I resolved the "DueDate" name, I wanted to add another field to <CommonViewFields>.  Using the Solomon technique, I was getting a column name like "XYZ_x0020_Project_x0020_Due_x00".

I thought to myself, that’s clearly a truncated name.  I went ahead and un-truncated it with no success.  I finally used the seemingly truncated name and it worked.

Bonus tip: When I was working with the CQWP, if I added a bad internal name to <CommonViewFields>, the CQWP would tell me that the query had returned no results.  But, if I added a data type to the field name, it would return a result.  Adding the data type actually masked a problem since I was referencing a non-existent field.  I could add it, but when I tried to display its value, I would always get a blank. 

This did not mask the error:

<CommonViewFields>Due_x0020_Date;</CommonViewFields>

This did mask the error:

<CommonViewFields>Due_x0020_Date,DateTime;</CommonViewFields>
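
The check below is an added example, not code from the original post or from SharePoint: it parses a CommonViewFields value and flags names that are not real internal names, which is the mistake that adding a data type masks. The LIST_FIELDS sample (including the display name given to the XYZ column) and all function names are constructed for illustration; in practice the name map would be exported from the list itself.

```python
import re

# Constructed sample: display name -> internal name, as a field-listing tool
# would export it from the list. Not taken from a real site.
LIST_FIELDS = {
    "Due Date": "DueDate",
    "Assigned To": "AssignedTo",
    "XYZ Project Due Date": "XYZ_x0020_Project_x0020_Due_x00",
}

_ESCAPE = re.compile(r"_x([0-9A-Fa-f]{4})_")


def decode_name(name):
    """Turn complete _xHHHH_ escapes back into characters (_x0020_ -> space)."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), name)


def parse_common_view_fields(value):
    """Split 'Name,Type;Name;' into (name, type-or-None) pairs."""
    pairs = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        name, _, ftype = entry.partition(",")
        pairs.append((name.strip(), ftype.strip() or None))
    return pairs


def check_common_view_fields(value, fields=LIST_FIELDS):
    """Return (name, problem, suggestion) for every name the list does not have."""
    internal = set(fields.values())
    problems = []
    for name, ftype in parse_common_view_fields(value):
        if name in internal:
            continue
        # A guessed name often decodes to the display name; map it back.
        suggestion = fields.get(decode_name(name))
        note = "unknown field"
        if ftype:
            note += " (type given: expect blank values, not an empty result)"
        problems.append((name, note, suggestion))
    return problems


if __name__ == "__main__":
    for cvf in ("Due_x0020_Date;", "Due_x0020_Date,DateTime;", "DueDate,DateTime;"):
        print(cvf, "->", check_common_view_fields(cvf))
```
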

</end>

Beware Breaking Changes to ItemStyle.xsl

I was working with ItemStyle.xsl to customize the look of a Content Query Web Part and right about lunch time, I made a breaking change to the xsl.  I didn’t realize it, but this had far reaching effects throughout the site collection.  I went off to lunch and upon my return, noticed this message appearing in a bunch of places:

Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Windows SharePoint Services-compatible HTML editor such as Microsoft Office SharePoint Designer. If the problem persists, contact your Web server administrator.

I blamed the client (not realizing as yet that it was my fault at this point) but eventually noticed that Visual Studio IntelliSense was warning me that I had malformed XSL.  I corrected it and everything started working.

Be darned careful when working with ItemStyle.xsl (and any of the global XSL files) — breaking them affects many artifacts in the site collection.

<end/>

My Son Hacked Gamespot

So, this morning, my son is determined to see an age-thirteen restricted Halo 3 video at Gamespot.  I’m outside shoveling snow, so I’m not there to help or hinder.  Necessity is the mother of invention and all that … he has a eureka! moment.  He realizes that even though Gamespot wants him to enter his real birth date, he can actually enter any birth date he wants.  Once he realized that, he made himself old enough to see the video.

I’m not quite sure how I feel about this 🙂

Sunday Funny: “It’s Printing Garbage”

At my first job out of college in 1991, I was lucky to work for a manufacturing company with 13 locations, not including its corporate HQ in New Jersey.  I joined just when the company was rolling out a new ERP system.  We were a small IT department of about ten people altogether, two of whom Did Not Travel.  Part of the project involved replacing IBM System 36 boxes with HP hardware and HPUX.  Everyone used green tubes to access the system.

The project rolls along and I’m sent down to Baltimore with a new co-worker, Jeff.  Our job was to power up the Unix box, make sure the O/S was running, install the ERP system, configure the ERP, train people on the ERP and do custom work for folks on the spot.  (This was a dream job, especially coming straight out of college).  Before we could really get off the ground, we needed to unpack all the green tubes, put them on desks and wire them.  And the best part was that we had to put the RJ11 connectors on ourselves.

For some reason that I never understood and actually never thought to ask about at the time, we had had some contracting company come along and run cable throughout the plant, but we didn’t have them put on the connectors.  So, there was a "patch box" with dozens of unlabeled cables in the "computer room" and these snaked around the building to various places in the building.

We worked our way through it over the course of a weekend, testing each wire, putting on a connector (making sure it was straight vs. crossed), ensuring the bit settings on the green tubes and printers were correct,  labeling wires, making sure that "getty" was running correctly for each port and probably a thousand other things that I’ve suppressed since then.  It all came together quite nicely.

But, there was one important cable that we couldn’t figure out.  The plant in Baltimore had a relationship with a warehousing location in New Jersey.  Some orders placed in Baltimore shipped out of that location.  There were two wires that we had to connect to the HPUX box: a green tube and a printer.  The green tube was easy, but the printer turned into a three-week nightmare.

If you don’t know it, or have suppressed it, dealing with green tubes and printers this way, there are various options that you deal with by setting various pins.  8-bit, 7-bit, parity (even/odd/none), probably others.  If you get one of those settings wrong, the tube or printer still shows stuff, but it will be total gibberish, or it will be gibberish with a lot of recognizable stuff in between.  Of course, these pins are hard to see and have to be set by using a small flat-edge screwdriver.  And they are never standard.

We set up the first of many quick calls with the NJ guy (a grizzled computer hater who probably curses us to this day).  We got the green tube working pretty quickly, but we couldn’t get the printer to work.  It kept "printing garbage".  We would create a new RJ11 connector, switching between crossed and straight.  We would delete the port and re-create it in Unix.  We went through the arduous task of having him explain to us the pin configuration on the printer, never really sure if he was doing it correctly.

It’s about time to go live, everything in Baltimore is humming, but we can’t get the cursed printer up in NJ to work!  We’ve exhausted all possibilities except for driving back up to NJ to work on the printer in person.  To avoid all that driving, we finally ask him to fax us what he’s getting when it’s "garbage", hoping that maybe there will be some clue in that garbage that will tell us what we’re doing wrong.

When we got the fax, we immediately knew what was wrong.  See, our method of testing whether we had configured a printer correctly was to issue an "lp" command like this:

lp /etc/passwd

Basically, we printed out the Unix password file.  It’s always present and out of the box, always just one page.  Your standard Unix password file looks something like this:

smith:*:100:100:8A-74(office):/home/smith:/usr/bin/sh
guest:*:200:0::/home/guest:/usr/bin/sh  

We had been printing out the password file over and over again for several weeks and it was printing correctly.  However, to the end user, it was "printing garbage".

</end>

Yet Another Network Credentials Multi-Challenge Issue and Solution

My client recently installed a magic device from Juniper that apparently replaced their old Cisco network load balancer (NLB).  At about the same time, we installed a hotfix to address a workflow problem.

A day or two later, we noticed a problem when we accessed the shared service provider (SSP).  We could get to it, but we would be challenged for a user ID and password many times on each page.  This didn’t happen with the main portal app, nor central administration.  Naturally, we didn’t know which of the two (Juniper or hotfix) would be the issue, though I strongly suspected the hotfix, figuring we had not installed it quite right.

It turned out that Juniper had some kind of compression setting.  One of the robed figures over in the network group turned that setting off.  That solved our problem.

This is not the first time that compression has been the root cause of a SharePoint problem for me.  IIS compression adversely affected a 3rd party tool from the good people at The Dot Net Factory for IE 6 browsers (IE 7 browsers worked without difficulty).

So, add "compression" to the hazards list.

</end>

Credit to: http://www.elfwood.com/art/s/h/sherry/death_colour.jpg.html

Thinking About Changing Blogging Platform

I started off my "blogging career" using Microsoft’s platform and it’s been good to me.  It’s easy to post, there are good options and widgets for managing your "space", decent web storage and so forth.

However, I really just fell into the MS solution with almost no planning.  That alone calls for me to evaluate where I am and where I’m going, in terms of a blogging platform.  There are also two important limitations that bother me right now vis-à-vis Windows Live Spaces. 

First, I can’t get very good statistics.  There are stats but the detail is often truncated and not presented in a way that allows for any kind of analysis.  There is no sorting or export capability.  I get many blog ideas based on the kind of information people find (or especially fail to find) when they search my blog.  It’s very hard to use Live Spaces for that.

Second, there does not seem to be any mechanism to "monetize" a Windows Live Spaces blog.  In fact, in order to get rid of MS ads (from which I derive no benefit), I need to actually pay Microsoft.  (At least, that’s how I understand it; I have been unable to get definitive answers to this and questions like it).

Now that I’ve got an established pattern and set of blogging habits, I want to evaluate other options.  I’ve done some research and there are a lot of choices, but I’m curious as to what other people, particularly others in the SharePoint community (as bloggers or readers), like to use. 

If this subject interests you and you have an opinion or are willing to share your experience, please leave a comment or email me directly.

Thanks!

<end/>

SharePoint Designer Email Sends ???? in an Email

Forum users occasionally ask: Why does SharePoint Designer put ???? into my email instead of a field value?

One reason this happens is because the variable to which you refer is null.

This can happen because you are trying to reference a field from the "current item" but the user never entered a value into that form field.

<end/>

Compare / Test for Blank Dates in SharePoint Designer Workflow

Scenario: In a SharePoint Designer workflow, you need to determine if a date field is blank.  

Problem: SPD does not provide a direct method for comparing dates to anything other than a date.  You cannot create a condition like this: "If [DateField] equals blank".

Solution: Convert the date to a string.  Use string comparison to determine if the date is blank. 

Screen Shots:

The following screen shots show how to do this.  In this scenario, a field on an item, "Environmental Permits:First Permit Reminder Date", is submitted and the workflow fires in response.

Notes:

When I tried this, I was pleasantly surprised to learn that it works.  I was worried that SharePoint Designer might disallow the string assignment (Variable:StringReminderDateDate) but it did allow it.

I was also concerned that allowing it, the value might be null and either blow up the WF at runtime or maybe raise the global temperature 1/2 a degree, but those concerns were unfounded.

</end>
