Action – SharePoint group members management

Applies to version 8.3.x; Author: Mariusz Burek

Adding and removing users from SharePoint groups

Obtaining information about what groups a certain user belongs to is rather time-consuming, as is adding/deleting a single user to/from multiple groups. WEBCON BPS allows you to modify the contents of SPS groups with the help of workflow instances, through an action called ‘SharePoint group members management’.


1. Action configuration

1.1  Mode

The action is found under the ‘SharePoint users & permissions’ node


Fig. 1. Action selection menu

It can work in one of the two main modes:

Add a user (users) to the specified group

Remove a user (users) from the specified group


Fig. 2. Action modes

The action can be carried out inside or outside the transaction. Executing the action within transaction will extend the time it takes to reload a workflow element by the amount of time it takes to for this action to complete. If multiple users are being added/removed, it is recommended to execute this action outside the transaction – for performance reasons.


1.2  Selecting a group to modify

This action has 2 ways of defining which group should be modified:



Static mode involves simply entering the group name into the field as a fixed value:


Fig. 3. Static group selection

For dynamic mode, provide a tag referencing a form field that contains information about an SPS group. The information must have the following format: http://site_name|@|group_id

For example:|@|15


Fig. 4. Dynamic group selection


1.3  Selecting user accounts

When selecting an account/accounts, we have access to 3 methods of configuration:



Query (SQL or CAML)


Similarly to group selection, static user selection involves typing out individual user logins into the field:


Fig. 5. Static user selection

Again, the dynamic user selection should contain a tag that references a field containing user logins – they must have the following format: DOMAIN\login

For example: WEBCON\

Multiple logins can be returned, but they should be separated by semi-colons or commas.

For example: DOMAIN\user1; DOMAIN\user2


Fig.  6. Dynamic user selection

The final method of selecting users is writing an SQL or CAML query, which will return user logins that are to be added/removed from a group. The returned logins must be separated by semicolons or located in separate rows.


Fig. 7. Selecting users via query (SQL or CAML)


2. Example of use

As an example, I created a process used for managing which groups a certain user belongs to.

After selecting a person in the User field, the Remove from group side will contain a list of all groups that the user is a member of (unchecking the Is in group? box will remove the user from the given group). In the Adding to group list, the person editing the workflow instance can specify any number of groups, to which the selected user will be added. Changes to groups are applied as soon as the person editing the workflow instance clicks one of the two path buttons: Save or Go to next step.

Keep in mind that changes to the BPS cache are applied only after it is reloaded (which depends on the defined cache-refresh schedule).



3. Example of use – In depth

Here is a breakdown of the components that make up the workflow used in the example.


3.1 Form fields


Fig. 1. List of form fields in the process


Mapping form fields to database fields (for this specific example):

– Adding to groups

                – Group – DET_Att1

                – T: Added to group? – DET_Att2

– Removing from groups

                – Belongs to group? – DET_Att1

                – Group – DET_Att2

                – T: Removed from group? – DET_Att3

– T: Group ID – WFD_AttText1

– User – WFD_AttPeople1



Fig. 2. Configuration of the “Adding to group” item list



Fig. 3. Configuring the “Group” column in the “Adding to group” item list



Fig. 4. Configuration of the “Remove from group” item list



Fig. 5. Initialization of the “Remove from group” item list


When preparing the query shown above, it is very important to enter the correct content database name. In this example, it is the following fragment:

join [WDR01_WSS_Content].[dbo].[Groups] groups on groups.ID=gr.coset_tokenPart


Querying the SharePoint content database directly is strongly not recommended.

Such queries should be used as a last resort, and with full awareness of the consequences.


3.2 Workflow diagram


Fig. 6. Visual representation of the workflow


3.3 Step configuration – Is there any item on the list “adding to group”?


Fig. 7. Query that controls (directs) the workflow in the step: Is any item on list “Adding to group”?



Fig. 8. The actions found on step: Is any item on list “Adding to group”?



Fig. 9. Step: Is any item on list “Adding to group”? – Action configuration of “Get SP group ID”



Fig. 10. Step: Is any item on list “Adding to group”? – Action configuration of “Update ‘Adding to group’”



Fig. 11. Step: Is any item on list “Adding to group”? – Action configuration of “Add user to group”


3.4 Step configuration – “Added to all groups?”


Fig. 12. Query that controls (directs) the workflow on the step: Added to all groups?


3.5 Step configuration – “Removed from all groups?”


Fig. 13. Query that controls (directs) the workflow on the step: Removed from all groups?



Fig. 14. The actions found on step: Removed from all groups?



Fig. 15. Step: Removed from all groups? – Action configuration of “Get SP group ID”



Fig. 16. Step: Removed from all groups? – Action configuration of “Update “Remove from group””



Fig. 17. Step: Removed from all groups? – Action configuration of “Remove user from group”

4 thoughts to “Action – SharePoint group members management”

  1. I’m building similar but simpler Workflow. In WF flow control i need to do some actions with every item in item list and then move to the next step.
    There are two paths going from the FC – The path Yes to the next step and path No to the FC itself, so it creates closed loop.
    In the path No there si placed the action ‘set actual item list processed’, which updates special item list column from 0 to 1 – stored in tbl.WFElementDetails attribute DET_Att7.
    The FC condidion select the next path:
    if exists (select DET_ID from dbo.WFElementDetails where DET_WFDID='{WFD_ID}’ and DET_Att7=0)
    select {PH:299} – path No
    else select {PH:250} – path Yes.
    After iterating of every item in the item list (cycling along the path No), WF instance should moves along the Yes path to the next step.
    The problem is, that instance raise the exception: “Closed loop with change path actions configured on path”.
    In the log table i can see that the action in the FC was called several times before exception.
    I tried to move the action ‘set actual item list processed’ from On path to the On entry, but the problem stays.
    Interesting is, if I add intermediate dummy step to the No path, the algorithm works OK. The instance is moved along the No path just item list rows count times and then instance moves to the path Yes without any problem. I use this dummy step for testing.
    I understand, that Webcon has some guard against neverending cycle, but how should i process item list when Webcon don’t contain no specialized step to make FOR cycle ?

  2. They query in the article applies to version 8.3. Here is the query that should work in versions 2016 and 2017:

    select groups.Title as Det_Att2,
    1 as Det_Att1
    From [dbo].[cacheorganizationstructure] u
    left join [dbo].[cacheorganizationstructureextendedtokens] gr on gr.coset_cosid = u.cos_id
    left join [WSS_Content].[dbo].[Groups] groups on groups.ID=substring(gr.coset_tokenPart,patindex(‚%|@|%’,gr.coset_tokenPart)+3,1000)
    where u.cos_login= ‚user_login’
    and ISNUMERIC(substring(gr.coset_tokenPart,patindex(‚%|@|%’,gr.coset_tokenPart)+3,1000))=1

  3. The particular query for getting the groups is one thing, but how can I process the item list item by item in general ?

Leave a Reply

Your email address will not be published. Required fields are marked *