In a workflow, we are querying the usergroup.asmx web service to get the members of 3 separate SharePoint groups in the site collection. We use the same account to connect in each case. In two cases, it works without issue. In the other, it returns a (401) Unauthorized error, even though the connection tests correctly.
What permission does the account need? I assume this is group specific.
All groups allow Everyone to view membership, and membership is controlled by the Group Owner. Requests to join or leave are not allowed.
Any ideas would be most helpful.
How is the group that you are getting the error for setup? Does it allow anyone to view the membership, or is it restricted. The ID has to have the ability to view the membership for that group or else you will get an error.
EDIT: Sorry, didn't read the last sentence of your post. How are you inputting the names into the query?
So it gets a little more peculiar.
Two of the groups are owned by a group "Project Owners", which we use to give full control to a site. The other is owned by my account. All groups allow everyone to view membership, and edit can only be done by the group owner. The group that caused the error is owned by the group. If I change the credentials to my own (which are in the Project Owners group), then testing the step worked. Changing it back to the prior credentials caused it to throw the authentication error again. Note that the same account had no problem accessing the other user group owned by Project Owners, nor with the other user group that was owned by my account.
Adding the credentials that failed to the Project Owners group resolved the problem. I do not understand why. If it had failed on both groups owned by Project Owners, I would accept it; but this seems very arbitrary, which concerns me more. I thought I understood the term "Everyone"...clearly not though.
The credentials that failed are a service account with rather broad permissions in the farm.