SharePoint 2013 workflow with elevated permissions – App Step

When creating SharePoint workflows one of the biggest problems is enabling the workflow to have enough permission to do all the things it needs. In SharePoint 2010 workflows, in order to run the workflows with elevated permissions you had to create an Impersonation step which was limited because it always had to be at the start of the workflow. Consequently if you needed elevated permissions during the workflow essentially everything had to be run in the step.

In SharePoint 2013 a new step has been introduced called an App Step. However there are a couple of catches to get this working.

The App Step provides very powerful functionality. One of the biggest catches in SharePoint is that the workflow, unless otherwise specified, runs under the permission of Workflow initiator. Consequently if the workflow tries to write to a list or library that the initiator doesn’t have permission it will fail with an Access Denied error. App Steps solves this problem by letting all the actions in it run under Workflow App permission which is Read/Write to all site lists.

In simple words “App Step” provides all the workflow actions added to it, with Read from and Write to Permissions to all the Items in the Site.

However an App Step is not available by default you need to activate a feature in your Site to get this displayed for that site in SharePoint Designer.

Navigate to Site settings->Manage site features and Activate the Workflows can use app permissions site feature.

Once it is activated you can Open the site in Workflow designer and find the App Step

Just click into a stage and then insert an App Step and all actions in the step will then run with elevated permissions.

Did this article help you today?

Yes, thank you :)No, sadly not :(



Good One

Hello, I'm getting System.ApplicationException: HTTP 500 while sending mails in my Workflow, I've added an App Step to get run with elevated feature. But doesn't made any difference. Any thoughts will be really helpful. Thank you.

Hi Andrew Nice Article. i tried following the steps you described but no i cannot select app step yet. I activated the feature "Workflows can use app permissions" and i requested elevated permissions for workflows through the "Permission Request XML" in the "Grant permission to an app" page. Still not able to select "app step". it's just greyed out. Can you help me with this problem?

Make sure you enable it for that particular site and not at the root of all sites, that's what happened to me.

Add new comment