SharePoint Tips: App Step or Impersonation Step in SharePoint Designer 2013

Sep 09, 2014 - by Andrew Reeves

During the course of running a SharePoint workflow, it may be necessary to script something that the current user would not normally have permission to do.

I was recently working on an education site and wanted to create a workflow that moved coursework from a hand-in document library, to which the students obviously had Contribute rights, to a marking library where they had no rights.

The role of the workflow was to set time and date stamps on the item as it was submitted, along with some additional metadata, then move the coursework to the marking library and delete the uploaded version. The problem is that by default, workflows run as the current user and consequently adopt their user permissions.

In my case the students have permission to create / upload the initial coursework but would not have permission to move it to the marking library. In SharePoint Designer 2010 this would have been resolved by using an impersonation step; however, this action has been deprecated in Designer 2013.

To carry this out in SharePoint Designer 2013 you need to follow these steps.

Activate the ‘Workflows can use app permissions’ feature in Site Features to allow workflows to read from and write to all items in your site. Activation of this feature is necessary for the App Step to become available for use in SharePoint Designer 2013.

Then open Designer and create the workflow in the usual way. When you come to a step that needs elevated permissions, such as copy to…, add in an App Step and put the step inside it. This gives full read and write permissions to all lists and libraries in the site.

Select App Step, located in the Workflow tab of the ribbon.

Any actions you now place within this App Step can read from and write to all items in the site.

The main advantage of the App Step is that you can run the step with elevated permissions at the correct position in the workflow rather than having to place the whole workflow in an impersonation step. This provides additional security over the previous model, because only the actions inside the App Step run with the elevated permissions.


2 comments

  1. Khushi

    Hi Andrew - Thanks for your post. I have created a workflow action under the App Step and called the workflow from a custom action to copy an item. I am facing an issue. I have created a SharePoint Group to have contribute access on a list. On the site this group has read-only access. In this list I am trying to do the Copy Item function. I have added the App Step to elevate permission. The problem is that when a person from this SP group tries to Copy Item, they are redirected to the Access Required page: "Sorry, you don't have access to this page". The page is showing the source in the URL <SiteUrl>/_layouts/15/wfstart.aspx?List=Guid&TemplateID=Guid&SubscriptionID=Guid. When I explicitly add the user to the Contribute or Approver group on the site, Copy Item works absolutely fine. But the problem is I can't give them contribute access on the site, just on the list. I don't understand where the problem is. Could you please throw some light? Thanks, Khushi

  2. Ravindra Maurya

    Does the app store need to be configured before activating the "Workflows can use app permissions" feature?
