App Step in SharePoint 2013 Designer Workflow

This SharePoint workflow tutorial explains, App Step in SharePoint 2013 designer workflow. If you have worked on or if you have used the “Impersonation Step” in the SharePoint designer 2010 workflow then surely you will need this step. Because “Impersonation Step” is deprecated in SharePoint Designer 2013. And in SharePoint 2013 designer workflows, we have to use App Steps.

SharePoint 2013 designer workflow runs under the permissions of the user who published the workflow. But the user may not have permission to do some elevated permissions task. In those cases, if you will not use elevated permissions then the workflow will fail. In SharePoint 2010 we can achieve this by using the “Impersonation Step“. But in SharePoint 2013 Impersonation Step is deprecated and the alternative to this, we can use the App Step.

Any actions placed inside an App Step will have Read/Write permissions to all items on the site. Unlike the impersonation step, the advantages of the App Step are that we can run the step with elevated permissions at the required position in the workflow rather than having to have the whole workflow.

To use App Step, first, we need to activate “Workflows can use app permissions” site feature. This feature allows workflows to read from and write to all the items on the site. You can go to Settings -> Site settings.

Then on the Site Settings page, click on “Manage site features” under the Site Actions section. In the “Site Features” page, search for the “Workflows can use app permissions” feature and click on “Activate” if it has not been activated.

App Step in SharePoint 2013 Designer Workflow
App Step in SharePoint 2013 Designer Workflow

SharePoint Designer Workflow App Step Example

In this example, I have one list and when the user submits one item into the list, one item will be created on a different list. In the second list, only a few people will have access. So we have created one SharePoint 2013 list workflow in the first list.

We have used here Create item in a List action. We choose here the second list name and the value of Title field we are putting in the second Title list Title. See fig below:

SharePoint workflow app step
SharePoint workflow app step

So our workflow looks like below:

app step in sharepoint 2013 workflow
app step in SharePoint013 workflow

Here two different users added an item to the list, First user which has Contribute access to the second list. When this user added an item to the first list, workflow triggers and completed successfully. Also, it created one item in the second list.

But when another user added an item to the list, the workflow started but it went to suspended state. Because the user has only read access to the second list.

sharepoint 2013 workflow impersonation step
sharepoint 2013 workflow impersonation step

Now I have changed the workflow and added an App Step and added the Create Item… workflow section inside the App Step. Looks like fig below:

sharepoint 2013 workflow impersonation step
sharepoint 2013 workflow impersonation step

Now when you publish the workflow, it will ask for a confirmation dialog box like below:
By publishing this workflow, conditions and actions inside App Steps will run using only application credentials. Only continue if this is the intended behavior“. It looks like below:

sharepoint 2013 workflow impersonation step
SharePoint 2013 workflow impersonation step

Then go to the workflow settings and uncheck “Automatically update the workflow status to the current stage name” like below:

app step in sharepoint 2013 workflow
app step in SharePoint 2013 workflow

Impersonation step missing in SharePoint 2013 Workflow

Here we will discuss the issue “Impersonation step missing in SharePoint 2013 Workflow“. The impersonation step is the concept of SharePoint 2010 and the workflow action was available in SharePoint designer 2010.

But this action is not available in SharePoint 2013 workflow platform.

A SharePoint designer workflow runs under the permission of the user who started the workflow. But in some steps, the workflow may require the user to have some more permission. If elevated permissions are not used in those steps then the workflow will not work with access denied error.

In those cases in SharePoint 2010 “Impersonation step” was helpful. But in SharePoint 2013 a similar step is available known as “App Step”. Any actions placed inside an App Step will have Read/Write permissions to all Items in the site, such as site lists.

Let us say we have a requirement like below:

I have two document libraries and if a user uploads one document to one library, I want the document to be copied to my second document library. But as per my requirement, I can not provide contribute access to anyone except a few people into my second document library. But you need to contribute access to copy item.

In the above kind of requirement, we can use the app step and we can add the copy document activity inside the App Step.

If you are not able to see the “App Step” inside SharePoint 2013 designer workflow then make sure the below feature is activated like below:

  • Workflows can use app permissions
Impersonation step missing in SharePoint 2013 Workflow
Impersonation step missing in SharePoint 2013 Workflow

If it is not activated, activate it and then open SharePoint 2013 designer. You should be able to see the app step in the SharePoint designer workflow.

You may like following SharePoint workflow tutorials:

Now after this when the user has read access to the second list added one item in the first list, workflow triggers, and completed successfully.

  • Hi Bijay,
    Thanks for sharing useful article. Appreciated! I have a question regarding App Step, I tried to use this App Step to add item level permissions, but it’s not working. Is there any limitation for App Step in SharePoint Designer 2013 workflow.

  • >