Security Concerns with App step in SP2013 workflow RRS feed

  • Question

  • I’m working on implementing a SP2013 workflow using webservices. It was working fine for all users except users with read access. For users with read access I have to manully kick off workflow. I’m planning to include a app step to elevate permission of the workflow so that it runs automatically. I’m also concerned at the same time about security ramifications at the global level if everyone can run the workflow. We have couple of 1000 users who might use this workflow. I know appstep is very powerful. How can I make sure this is tested for any security concerns before implementing at global level. Please let me know. I would highly appreciate any inputs.

    Thursday, April 6, 2017 5:22 PM


  • Hi Naveen- no need to worry. All you're doing is allowing the workflow to perform, not explicitly giving the user elevated permissions. IE: you're giving the workflow the permissions, not the user.

    cameron rautmann

    Thursday, April 6, 2017 8:00 PM