sharepoint enterprise – SP13 – Do not allow user permission for users, but give enough to interact with wfl

In Sharepoint 2013, I'm having issues with my permissions on my site where a Nintex workflow will only run when a new item is created / added. The integrity of the information is important to us, and we do not want our users to edit the item they create. If you've made a mistake, you'll need to create a new item to start a new workflow.

Our problem is that some users need permissions high enough to answer tasks for our workflow (we have them at the Contribute level). However, these permissions are also high enough for them to be able to edit their elements with the quick edit.

Disabling Quick Edit is a choice, but the only option is disabling it for everyone and this is a no.

What can we do to specialize our permission levels? In general, only a few trusted people can edit elements (some parts have to be edited manually). What we want is:

  • A group that allows you to create new items (that is, a new workflow run), but does not have permission to edit / delete items
  • A group that can answer workflow tasks but is not authorized to edit / delete items
  • A group that only appears and has no permissions to edit / delete / add items
  • A group with enough permissions to allow all of the above.

Which permissions do we have to grant? Do you need to create new groups? What rules do we have to apply to these groups to work as intended?

Any solution that requires coding in an IDE is not in the table because I can not have IDE due to the company policy.

If you need more information, please ask.