Tuesday, April 25, 2017

Item Level Permission - SPD Workflow 2013 - Part 2

Workflow Creation & Configuration

Full Workflow Screenshot

  1.  Below is the screenshot of the workflow that we would be developing.

Create a SPD 2013 Workflow

  1. Create a SharePoint Designer workflow for “Demo List”. 
  2. Since SharePoint Designer workflow runs under current user authorizations so we will not be able to call REST API under normal user credentials. So we will have to user APP STEP.
Enable App Step

  1. APP Step is a new feature in SharePoint Designer Workflow. We have to assign permission to workflow just like we do for SharePoint Apps and workflow would be able to do the task even if user is not having access for that action.
  2. By default APP STEP action would be disabled.
  3. To enable that we need to active a site feature “Workflow can use App Step”.
  4. Activate the above mentioned feature.
  5. After activating you would see, app step action is activated in SharePoint Designer as show below

Assign Permissions to Workflow

  1. Go to Site Settings à Site App Permissions
  2. Now publish a blank workflow and again go to Site Settings à Site App Permission.
  3. You will see new entry for Workflow.
  4. Underlined text would be the APP ID for which we need to give Full Control to web level. Copy this APP-ID.
  5. Go to  https://sponlinepractice.sharepoint.com/sites/ml/_layouts/15/appinv.aspx
  6. Paste the APP-ID copied in previous step in above form and click on Lookup button.
  7.  It will auto-populate the information such as Title, App Domain, Redirect URL.
  8. Now copy paste below permission xml in Permission Request XML in above form.
  9. Here we are giving full control to workflow at web level which is defined by scope and Right in above xml.
  10. Click on create.
  11. It will ask you to trust the workflow access. 
  12. Click on trust.
  13. Now workflow has enough permission to call REST API and assign proper permissions

                               Proceed to Part 3


1 comment:

  1. Just a note in case anyone else also tries this method, it did not work for me after following the steps in this series of articles. I continued to get unauthorized error even though the app was trusted. I think these steps may not be enough now for authorization on SPO. I ended up using Flow and the same SharePoint REST calls but going through all the oAuth steps of trusting an app AND getting an access token with client id and client secret to get this working. These links provide a pretty good walkthrough of it:
    1. https://www.youtube.com/watch?v=_-vvlPXv8rc - How to set SharePoint list permissions using Flow
    2. https://noellawlor.wordpress.com/2018/01/18/setting-sharepoint-item-list-permissions-with-flow/
    3. http://www.ktskumar.com/2017/01/access-sharepoint-online-using-postman/

    ReplyDelete