Issue
When running a workflow, the workflow completes successfully for some users, however other uses encounter an Access Denied error.
Resolution
- Ensure that the affected user accounts have Contribute permissions on:
- List where the workflow is running
- Any list that the workflow interacts with (query, update, etc.)
- Task list associated with the workflow
- Workflow History list for the site at https://[TenantName].sharepoint.com/sites/[SiteName]/Lists/Workflow%20History/AllItems.aspx
To minimize guessing, identify which list the error is regarding by doing the following:
1. Refer to the error itself as the list ID is mentioned in the error message (in bold below).
2. On any list within the same site, navigate to List Settings; notice that the URL references the list by the ListID.
3. In the URL, replace the current list ID with the list ID mentioned in the error. For example:
https://tenant.sharepoint.com/sites/MySite/_layouts/15/listedit.aspx?List=87d30f08-7f60-4b17-b144-a100bfab2dfb
4. After navigating to the URL constructed in step 3, the List Settings for the relevant list appears.
5. Navigate to Permissions for this list to check and update permissions for the user who lacks permissions to execute the workflow.
Alternatively, if there is a desire to NOT grant permissions to the user in question, add an Action Set. Configure the Action Set to 'Run contained actions at elevated app permissions'. Nest all following workflows actions within the Action Set. This allows workflow actions to execute under the context of the SharePoint App account rather than the workflow initiator.
Error Code
HTTP Forbidden to https://xxxxx.sharepoint.com/SubSite/_api/web/lists(guid'87d30f08-7f60-4b17-b144-a100bfab2dfb')/Items(2277) Correlation Id: b809e04e-6ecd-f523-8037-e5e6609b288b Instance Id: 977093d3-2e59-4de6-b9d3-46006167bbfe Access denied. You do not have permission to perform this action or access this resource. Retry now or An unhandled exception occurred during the execution of the workflow instance. Exception details: System.ApplicationException: HTTP 403 {“error”:”code”:”-2147024891, System.UnauthorizedAccessException”,”message”:{“lang”:”en-US”,”value”:”Access denied. You do not have permission to perform this action or access this resource.”}}}
Additional Information
If storing the access token in a variable make sure no additional spaces are being added. Using the trim function on the variable that stores the access token removes invisible spaces that get inserted when dynamically getting data from fields from within the workflow.
Related Links
