In this post, we’re gonna explain how to configure SharePoint Workflow Permissions to solve the “SharePoint Workflow suspended with Unauthorized HTTP 401” error.
I have created a simple SharePoint Designer workflow to update a list item via SharePoint Designer 2013, which published successfully.
But when I tried to test the SharePoint workflow, I noted that the workflow was suspended with the below error:
SharePoint Workflow Suspended with Unauthorized HTTP 401
Actually, this issue usually occurs if SharePoint workflow doesn’t have sufficient permission.
In the next section, we’ll discuss the required SharePoint Workflow Permissions to avoid SharePoint Workflow Unauthorized HTTP 401 error.
By default, SharePoint workflow has a “WRITE” permission level to access the SharePoint lists.
Actually, “WRITE” is not sufficient permission for the SharePoint workflow to perform properly; it should have a “Full Control” permission level.
With an App Step in a SharePoint Designer workflow, you can grant Full Control permission to the SharePoint workflow identity, and the actions inside the App Step ignore the current user's permissions.
App Step is only available in SharePoint 2013 workflows; you can’t use an App Step in a SharePoint 2010 workflow.
Additionally, you can’t add the “Start List Workflow” action in a SharePoint 2013 workflow App Step. This is because the “Start List Workflow” action is only used to start a SharePoint 2010 workflow.
By default, the App Step is grayed out in SharePoint Designer Workflow. This is because the SharePoint Workflow permissions are not configured.
In the next section, we’ll explain how to configure SharePoint Workflow permissions step by step.
To elevate the SharePoint Workflow permissions, you should do the following:
- Allow workflow to use app permissions.
- Grant full control permission to the SharePoint workflow.
- Develop the workflow actions inside an App Step.
But before we get started elevating the SharePoint Workflow permissions, you should first make sure that:
- The App Management Application Service has been configured to be able to grant full control permission to the SharePoint workflow.
- The SharePoint Workflow Manager has been configured properly to be able to activate “Workflows can use app permissions” feature.
Allow workflow to use app permissions
First, the current user must be a Site Owner or Site Collection Administrator to be able to allow the SharePoint workflow to use App permissions.
To allow SharePoint workflow to use App permissions, you should do the following:
Steps
- Open the SharePoint Site Collection > Site Settings.
- Below Site Actions > Select Manage site features.
- Activate Workflows can use app permissions feature.
Note: The Workflow Manager must be configured properly to be able to activate “Workflows can use app permissions” feature.
To grant Full Control permission to the SharePoint workflow, you should do the following:
Steps
- Open the SharePoint Site Collection > Site Settings > Below Users and Permissions > Click on Site App Permissions.
- Copy the client section of the App Identifier.
The App Identifier is the identifier Guid between the last “|” and the “@” sign.
- Navigate to the page for granting permission to an app by browsing to the “appinv.aspx” page of the site collection.
  - Example: http://hostname/_layouts/15/appinv.aspx
- Paste the client section of App Identifier to the App Id field.
- Click Lookup to fetch the required info.
The App Management Service must be configured to be able to look up your identifier. If it is not configured or stopped, you will get “App Management Shared Service Proxy is not installed” error when you click on the Lookup button.
Note: If the Lookup button is unable to retrieve the related information, check “Lookup an app id was unable to retrieve its related data during granting permission to an app in SharePoint 2013”.
- Paste the below APP Permissions Request XML to grant full control permission.
<AppPermissionRequests>
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>
</AppPermissionRequests>
- Click Trust It button to trust the Workflow app.
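The identifier parsing and the permission request from the steps above, as an added PowerShell example that is not part of the original post. It extracts the client section of an App Identifier and checks that the request XML contains only the scope and right given in this post before it is pasted into appinv.aspx. The function names, the sample App Identifier (constructed GUIDs) and the `http://hostname` placeholder are assumptions.

```powershell
# Added example. Helper names and all sample values are constructed for illustration.
function Get-AppClientId {
    param([Parameter(Mandatory = $true)][string]$AppIdentifier)
    # Client section = the text between the last "|" and the "@" sign.
    $pipe = $AppIdentifier.LastIndexOf('|')
    $at   = $AppIdentifier.IndexOf('@', $pipe + 1)
    if ($pipe -lt 0 -or $at -lt 0) { throw "Unexpected App Identifier: $AppIdentifier" }
    $client = $AppIdentifier.Substring($pipe + 1, $at - $pipe - 1)
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($client, [ref]$guid)) { throw "Not a GUID: $client" }
    $guid.ToString()
}

function Test-WorkflowPermissionXml {
    param([Parameter(Mandatory = $true)][string]$RequestXml)
    # The single scope/right pair this post asks you to trust.
    $expectedScope = 'http://sharepoint/content/sitecollection/web'
    $expectedRight = 'FullControl'
    $doc = [xml]$RequestXml    # throws if the XML is malformed
    foreach ($r in $doc.SelectNodes('/AppPermissionRequests/AppPermissionRequest')) {
        [pscustomobject]@{
            Scope       = $r.GetAttribute('Scope')
            Right       = $r.GetAttribute('Right')
            MatchesPost = ($r.GetAttribute('Scope') -ceq $expectedScope -and
                           $r.GetAttribute('Right') -ceq $expectedRight)
        }
    }
}

# Constructed App Identifier, in the shape shown on the Site App Permissions page.
$appIdentifier = 'i:0i.t|ms.sp.ext|11111111-2222-3333-4444-555555555555@aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$siteUrl = 'http://hostname'    # placeholder host, as in the post
$requestXml = @'
<AppPermissionRequests>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>
</AppPermissionRequests>
'@

"App Id field : $(Get-AppClientId $appIdentifier)"
"Grant page   : $($siteUrl.TrimEnd('/'))/_layouts/15/appinv.aspx"
$review = @(Test-WorkflowPermissionXml $requestXml)
$review | Format-Table -AutoSize
if ($review.Count -ne 1 -or -not $review[0].MatchesPost) {
    Write-Warning 'Request XML differs from the one in this post; review it before clicking Trust It.'
}
```

The warning fires when the XML carries extra requests, a different scope, or a different right than the single web-scoped FullControl entry above.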
Develop workflow actions inside an App Step
As mentioned earlier, the SharePoint Workflow App Step allows the workflow to be authorized under its own identity with Full Control and to ignore the current user's permissions.
This ensures that the workflow executes successfully even if the current user has no permissions.
Below Workflow Settings, don’t forget to check “Automatic updates to workflow status to the current stage name”.
Note: If you don’t check “Automatic updates to workflow status to the current stage name”, the current user will require Edit permission on the list to be able to edit the workflow status.
At the end, click Publish, then test your workflow, which should now work properly.
Access denied. You do not have permission to perform this action or access this resource.
If you try to use the “Call HTTP Web Service” action to call a REST API, you may get the below error:
“Access denied. You do not have permission to perform this action or access this resource.”
To solve this issue, you should make sure that the current user is a member of a group that has “Use Remote Interfaces” permission granted.
Steps
- Go to the site collection > Site Settings.
- Below “Users and Permissions”, click on Site Permissions.
- From the ribbon above, click on Permission Levels.
- Edit your Permission Level.
- Go down to the Site Permissions section.
- Check “Use Remote Interfaces – Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site”.
Conclusion
In conclusion, we have explained how to grant the SharePoint Workflow Permissions.
We have also solved the below issues:
- SharePoint Workflow App Step disabled.
- SharePoint Workflow unauthorized HTTP 401.
- Access denied. You do not have permission to perform this action or access this resource.
Applies To
- SharePoint 2016.
- SharePoint 2013.