SharePoint 2013 Workflow: App step and App Permissions

By default workflows run under the permissions of the user that starts the workflow, even is the workflow starts on a change or when a new item is created. The initiator does not always have the right permissions to complete all the actions within the workflow. For example when the workflow needs to delete an item, create a new items or use a web service. With SharePoint 2013 workflows it is possible to use the App step action to give the workflow its own permission set.

Solution part 1: Activate the feature

  1. The feature Workflows can use app permissions needs to be active.
  2. Open the site settings and click on Manage site features
  3. Activate the feature: Workflows can use app permissions

Solution part 2: Grant workflow app permissions

  1. Open the site settings and click on Site app permissions
  2. Copy the client section if the App Identifier. This is the identifier between the last “|” and the “@” sign, as shown in the figure.
  3. Navigate to the Grant permissions to an app page.This must be done by browsing to the appinv.aspx page of the site.
    http://}hostname}/{the Site Collection}/_layouts/15/appinv.aspx
    
  4. Fill in the App Id and click on Lookup
  5. The fields Title, App Domain and Redirect URL will be filled in automatically.
  6. Paste the following XML into the Permission Request XLM textbox to the grant the workflow App step full control
    <AppPermissionRequests>
        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
    </AppPermissionRequests>
    
  7. Click on Create and on Trust It

Solution part 3: Using the App step

  1. Create a SharePoint 2013 Workflow with SharePoint Designer.
  2. Click on App Step in the ribbon to add the step.
  3. Add actions within the App Step and publish the workflow, for example:
Share

2 Replies to “SharePoint 2013 Workflow: App step and App Permissions”

  1. What is the different between:

    sitecollection/web

    and

    sitecollection

    I see different solutions that reference both….and can I make this change specific to 1 subsite?

Leave a Reply to Eric Weiner Cancel reply

Your email address will not be published. Required fields are marked *