In this article, I am going to solve the below SharePoint Workflow Permission issue:
The Workflow was Suspended with Unauthorized HTTP
Elevate Workflow Permissions In SharePoint
I have created a simple SharePoint workflow to update a list item via SharePoint designer 2013.
When I tried to test the workflow, It is suspended with the below error:
Unauthorized HTTP to /_vti_bin/client.svc/web/lists
SharePoint workflow doesn’t have sufficient permission
By default, the SharePoint workflow doesn’t have sufficient permission to access the SharePoint lists, and this process requires a full control permission level.
Workflow Permissions In SharePoint
Before we getting started, you should be aware of the following:
- By default, the workflow runs at “Write” permission level.
- To allow the workflow to use APP permissions, you must be a Site Owner or Site Collection Administrator.
- The Workflow Manager platform must be configured properly to be able to activate “Workflows can use app permissions” feature.
- The App Management Service must be configured to be able to grant a full control permission to a workflow.
- App step provides the workflow authorization for its Identity as a Full Control and ignores the current user permission.
- The SharePoint 2010 workflow is not supported in App Step,
- The “Start List Workflow” action is used only to start a SharePoint 2010 workflow, So it’s not supported in App Step.
- If you don’t elevate the permissions for the SharePoint Workflow, The App Step will be disabled in the SharePoint Designer.
Elevate SharePoint Workflow Permissions
Note: To elevate the SharePoint Workflow Permissions, The current user should be Site Owner or Site Collection Administrator.
Allow workflow to use app permissions
- Open the SharePoint Site Collection > Site Settings.
- Below Site Actions > Select Manage site features.
- Activate Workflows can use app permissions feature.
Note: The Workflow Manager platform must be configured properly to be able to activate “Workflows can use app permissions” feature.
Grant full control permission to SharePoint workflow
- Open the SharePoint Site Collection > Site Settings >Below Users and Permissions > Click on Site App Permissions.
- Copy the client section of the App Identifier.
The App Identifier is the identifier Guid between the last “|” and the “@” sign, as shown below.
- Navigate to grant permission to an app page by browsing the “appinv.aspx” page of the site collection.
- Paste the client section of App Identifier to the App Id field.
- Click Lookup to fetch the required info.
Note: The App Management Service must be configured to be able to lookup your identifier.
If the App Management Service is not installed you will get the below error when you clicked on Lookup button.
Note: In case, The lookup button was unable to retrieve its related information, check Lookup an app id was unable to retrieve its related data during granting permission to an app in SharePoint 2013
- Paste the below APP Permissions Request XML to grant full control permission.
<AppPermissionRequests> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/> </AppPermissionRequests>
- You will then be asked to trust the Workflow app, Click Trust It.
Develop the workflow actions inside an App Step using SharePoint Designer
Using App step will allow the workflow to be authorized with its identity as a Full Control and ignore the current user permissions. this is will ensure that the workflow will be executed successfully in case the current user has no permissions.
Note: The App Step will be disabled in the SharePoint Designer., in case you are not followed all the above steps.
Below Workflow Settings > Uncheck the “Automatic updates to workflow status to the current stage name“, then click Publish.
Note: If you didn’t check “Automatic updates to workflow status to the current stage name“, the current user will require Edit permission on the list to can edit the workflow status.
Try now to test your workflow and check it’s status that should be now worked properly.
Note: The SharePoint 2010 workflow is not supported in App Step.
- SharePoint 2013.
- SharePoint 2016.
In this article, I have explained
- Elevate permissions for the SharePoint Workflow.
- Solve Unsufficient permission for SharePoint workflow.
- Grant required permissions for SharePoint Workflow.
- Install and Configure Workflow Manager for SharePoint 2013.
- Sorry, something went wrong App Management Shared Service Proxy is not installed on SharePoint Server 2013.
- Lookup an App Id was unable to retrieve its related data during granting permission to an app in SharePoint 2013.