WanFeng-9955 asked WanFeng-9955 commented

User has the contribute permission but gets access denied when the workflow tries to create a list item


SharePoint O365

The user has been granted contribute permission to the Audit log list. Then the user creates an item, which triggers a Nintex workflow to create an audit log item.

The workflow initiator/the user above has been granted Read Write No delete permission on the Audit log list but the workflow keeps failing at creating the item, complaining about access denied.

HTTP Forbidden to https://..../site/_api/web/lists(guid'xxxxxxxxx') - Audit log list
Access denied. You do not have permission to perform this action or access this resource.

The workflow initiator's permission is granted through an AD group in a SharePoint group.
Checking permissions shows the workflow initiator has Read Write No delete permission.

office-sharepoint-online

AllenXu-MSFT answered

Hi @WanFeng-9955,

To narrow down this issue, I have a checklist for you.

  • Make sure the feature “Limited-access user permission lockdown mode” is not activated. You can check it under Site settings > Site collection features under Site Collection Administration.

  • Make sure the feature “Workflows can use app permissions” is activated. You can check it under Site settings > Manage site features under Site Actions.

  • Try clearing the SharePoint Designer 2013 cache. Please refer to this article: How to Clear Your SharePoint Designer 2010/2013 Cache.



WanFeng-9955 answered WanFeng-9955 commented

Allen,

Thanks for helping.

“Workflows can use app permissions” is active.

The feature “Limited-access user permission lockdown mode” is activated. Since it is activated by default, I am not comfortable changing it and causing issues.


@WanFeng-9955,

As per my test, if I give a user the contribution permission level on a list with “Limited-access user permission lockdown mode” activated, the user cannot create items in that list. However, if I deactivate the feature, they can create items normally.


It is a Nintex workflow thing.

I need to group all the actions in the Nintex workflow in an action set. Give the action set elevated permission to run so the workflow runs with full control permission.

After the change, the audit log item was created.
