During the course of running a SharePoint workflow, it may be necessary to script something that the current user would not normally have permission to do.
I was recently working on an education site and wanted to create a workflow that moved coursework from a hand-in document library, which obviously the students had contribute writes to, on to a marking library where they had no rights.
The role of the workflow was to set time and date stamps on the item as it was submitted, along with some additional metadata, then move the coursework to the marking library and delete the uploaded version. The problem is that by default, workflows run as the current user and consequently adopt their user permissions.
In my case the students have permission to create / upload the initial coursework but would not have permission to move it to the marking library. In SharePoint Designer 2010 this would have been resolved by using an impersonation step, however this action has been depreciated in Designer 2013.
To carry this out in SharePoint Designer 2013 you need to follow these steps.
Activate the ‘Workflows can use app permissions’ feature in Site Features to allow workflows to read from and write to all items in your site. Activation of this feature is necessary for the App Step to become available for use in SharePoint Designer 2013:
Then open designer and create the workflow in the usual way but when you come to a step that needs elevated permissions – such as copy to…. Then add in an App Step and put the step inside of that – this gives full read write permissions to all lists and libraries in the site.
Select App Step located in the Workflow Tab of the ribbon:
Any actions you now place within this App Step can read from and write to all items in the site.
The main advantage of the App Step is that you can run the step with elevated permissions at the correct position in the workflow rather than having to have the whole workflow in an impersonation step. This provides additional security over the previous model.
To learn more about SharePoint, InfoPath forms, or Designer workflows why not attend one of our SharePoint courses: Click here for more info