In Nintex Workflow 2010 it is pretty simple to set permission for allowed actions, a good way to personalize the actions a designer can use. OK, to restrict the access to workflow actions, you can uncheck the action in the „Manage allowed actions“ menu at Central Administration or Site Collection level, too. Do this, and no one will publish or use a workflow with the unchecked action furthermore. And I mean really no one, uncheck a action is not mapped to specific users or groups. Further, Nintex is clever and detect this unchecked actions in User defined actions (UDA) and a workflow with a UDA containing a unchecked action can’t be published. Now, if you want restrict the access for „Call a Webservice“ or a „Execute SQL“ actions for a specific workflow designer group, but also want all other workflow designers to use UDAs containing such actions preconfigured, you have to manage the permissions in the Central Administration. This settings you only can do in the Central Administration, not on the Site Collection or Site Level. OK, to set permissions, go to the Central Administration and clicking „Managed allowed actions“ under the „Nintex Workflow Management“ header.
Select the action you want configure and click on „Edit permissions“ at the Ribbon. Now you have the possibility to uncheck the „Make this actions available for all users“ check box and change the users or groups with rights on this action.
In my case, I only allow „sps_admin_ak“ to configure the „Call a Webservice“ action. The user „sps_admin_ak“ configure a UDA ( View this post about UDAs ) with the „Call a Webservice“ action, for example to set user permissions on a SharePoint list or web. In the next step, any other workflow designer use this UDA in a workflow.
At least, the workflow designer will be able to publish the workflow with the UDA containing the „Call a webservice“. He wont be able to use the „Call a Webservice“ directly, but can use it preconfigured in a UDA.
Makes sense, I like it 🙂