To use the Call web service action, we created a service account that has local admin rights to the SP server. We used it successfully in a workflow on one site and when we tried to use it on another site, we generated a 401 UNAUTHORIZED error when trying to call the web service. After some troubleshooting, turns out that the service account needs at least Read permissions to the site in order for the account to have permissions to call the web service. Makes sense, I guess. But, in that we intend to use this action and associated service account on multiple sites, what is the best practice for granting the service account permissions to an entire Site Collection? Should we just grant it owner rights to the site collection? Thanks in advance.
Solved! Go to Solution.
In my experience the service account has had to be Site Collection Administrator. But I may be wrong.
We have a generic service account we use for Nintex Web Service calls that is part of a global group added as SCAs on all sites.