Setting SharePoint 2013 Workflow Permission at the Office 365 Tenant Level

One of the amazing things about the SharePoint Community is how willing participants are to share and help each other. Craig White asked a great question for how you might be able to have a SharePoint Designer Workflow create a subsite in a different site collection than where the workflow was running.

He had posted this question to a blog post that I had published last year: https://jaredmatfess.com/2016/05/04/creating-subsites-using-rest-api-from-sharepoint-designer-workflow/.

I forget when the question came in, but a weekend was somewhere in between and I did not get to it right away. This morning I was making a few tweaks to my blog and I noticed that I still had not addressed it. The short answer was of course you could – a quick way would be to enable the Workflow access to the target site collection using the instructions found on MSDN.

A few minutes later, I received another comment from Craig..

Hi Jared,

I found an easier way;
Instead of setting the workflow permission on each destination SC (we have over 350, so this would be time consuming), we can edit the XML for the AppPermissionRequest in the SC that houses the workflow to auto-provision the sites.

Therefore, instead of applying:
AppPermissionRequest Scope=”http://sharepoint/content/sitecollection” Right=”FullControl” />

We can apply:
AppPermissionRequest Scope=”http://sharepoint/content/tenant” Right=”FullControl” />

This bypasses the need for adding the WF as trusted for each SC & therefore only need to do the AppPermissionRequest in 1 place.

Happy days 🙂

I had not thought about setting permissions at the Office 365 Tenant level – but Craig absolutely did. I am going to go back to my original post and link back to this tidbit.

Super kudos to @cdwhite_1981 for figuring this out and allowing me to post while he builds out his blog. Be sure to follow him as well!

The SharePoint Community is amazing!

Leave a Reply

%d bloggers like this: