In this example I have two site collections named Config and Project where I have created the workflow in the Project site collection using SharePoint Designer. In the Config site collection I have a list called Approvers where I store relevant information regarding approvers.
Following diagram shows the scenario I described.
To get relevant information from Config site collection, I will use SharePoint api web services. For an example I could use following service to return all items in that list.
“http://sp13/Sites/config/_api/web/lists/getbytitle('Approvers')/items”Calling a HTTP web service through a SharePoint 2013 Designer based workflow is straight forward. I have explained that in this blog post.
Although I have followed the steps correctly, I was getting an “Unauthorized” exception all the time. I’ve given necessary permissions to the list and web application but still I was getting the same error.
Later I figured out that we need to provide permissions to the workflow explicitly if we need to access resources beyond the current site. Following are the steps I followed to configure permissions to the workflow
1. Activate “Workflows can use app permissions” site feature in the site where I create the workflow (http://sp13/Sites/project )
2. Navigate to Site Settings –> Site app permissions where you can see an item called workflow
3. Copy the client section of the App Identifier as shown below
4.Navigate to <site url>/_layouts/15/appinv.aspx to configure permissions. Then add the client section of the App Identifier in the App Id section and click Lookup to populate content.
5. Then we need to specify App’s Permission Request XML
<AppPermissionRequests>
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
6. Finally we will trust the workflow
This will allow our workflow to access resources beyond the current site collection.
6 comments:
Hi Dinusha
thanks for sharing your knowledge. I have been battling permissions issues like this for several days. I tried to follow your steps on SP2013 on-premise and got an error about not being a tenant admin. Does this fix apply to on-premise 2013SP1 or is it for sharepoint online?
Hi Andrew
I did this demo in on-premise environment.
It would be better if you can post the exact error message. Meantime you can try putting "" for the authorization property in the HTTPSend activity
Thanks Dinusha. This saved me a lot.
I know this is late, but this is a good easy to read instruction. I followed it and it worked for me in SharePoint Online. Many Thanks
I have followed mentioned steps.
The issue is when i'm accessing "http://....../sites/NAB/_api/site/ServerRelativeUrl/" i'm getting results.
But when accessing HTTPS "https://...../sites/NAB/_api/site/ServerRelativeUrl/" getting the Unauthorized error.
This solved my problem! Thank so much!
Post a Comment