"The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope" error while publishing SharePoint 2013 workflows using SharePoint Designer 2013
Scenario: Consider creating a SharePoint 2013 workflow and while publishing you receive "The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope" error.
Error in fiddler
POST https://<Site URL>/_vti_bin/client.svc/ProcessQuery HTTP/1.1
Date: Fri, 21 Apr 2017 18:09:41 GMT
MIME-Version: 1.0
Accept: */*
X-RequestForceAuthentication: true
X-RequestDigest: 0xA17F63D097A8EADBA2EC36CFAF8B1F978EDEE81350DE11A167F062732783488D3DCAC1BC57C5193807679BCD4FAA1D510392C6E52C8696C5A6EF83D8F26C79D8,21 Apr 2017 18:09:40 -0000
User-Agent: Mozilla/4.0 (compatible; MS FrontPage 15.0)
Host: teamdev2013.borderstates.com
Accept-Language: en-us, en;q=0.1
Accept: auth/sicily
X-FORMS_BASED_AUTH_ACCEPTED: T
Content-Length: 773
Content-Type: text/xml
X-Vermeer-Content-Type: text/xml
Accept-encoding: gzip, deflate
Connection: Keep-Alive
Cache-Control: no-cache
<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="15.0.0.0" ApplicationName=".NET Library" xmlns="https://schemas.microsoft.com/sharepoint/clientquery/2009"><Actions><Method Name="PublishDefinition" Id="6111" ObjectPathId="4823"><Parameters><Parameter Type="Guid">{48f24bb8-be57-47e3-8cb6-2463268b1c80}</Parameter></Parameters></Method></Actions><ObjectPaths><Method Id="4823" ParentId="4819" Name="GetWorkflowDeploymentService" /><Constructor Id="4819" TypeId="{4ccc7f0e-bf7e-4477-999c-6458a73d0039}"><Parameters><Parameter ObjectPathId="3" /></Parameters></Constructor><Identity Id="3" Name="740c6a0b-85e2-48a0-a494-e0f1759d4aa7:site:f49e044d-949f-4ddf-bcab-7bac63c205bc:web:77851493-24d0-41a2-babb-4dc3db86a3eb" /></ObjectPaths></Request>
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-SharePointHealthScore: 0
SPClientServiceRequestDuration: 126
X-AspNet-Version: 4.0.30319
SPRequestGuid: 163eea9d-6a47-4040-948b-13a14760baee
request-id: 163eea9d-6a47-4040-948b-13a14760baee
X-RequestDigest: 0xA17F63D097A8EADBA2EC36CFAF8B1F978EDEE81350DE11A167F062732783488D3DCAC1BC57C5193807679BCD4FAA1D510392C6E52C8696C5A6EF83D8F26C79D8,21 Apr 2017 18:09:40 -0000
X-FRAME-OPTIONS: SAMEORIGIN
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 15.0.4675.1000
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 21 Apr 2017 18:09:39 GMT
Content-Length: 830
[
{
"SchemaVersion":"15.0.0.0","LibraryVersion":"15.0.4763.1000","ErrorInfo":{
"ErrorMessage":"System.InvalidOperationException: Operation failed with error System.UnauthorizedAccessException: The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 60a96928-f3ca-40d1-a4f5-3fa7b3f77f26. NodeId: SPDEV01. Scope: \u002fSharePoint\u002fdefault\u002ff49e044d-949f-4ddf-bcab-7bac63c205bc. Client ActivityId : 163eea9d-6a47-4040-948b-13a14760baee. ---> System.Net.WebException: T","ErrorValue":null,"TraceCorrelationId":"163eea9d-6a47-4040-948b-13a14760baee","ErrorCode":-2130575223,"ErrorTypeName":"Microsoft.SharePoint.SPException"
},"TraceCorrelationId":"163eea9d-6a47-4040-948b-13a14760baee"
}
]
ULS error from its correlation ID
04/21/2017 13:09:40.57 w3wp.exe (SERVER:0x1F88) 0x5EF0 SharePoint Server General 7888 Warning
A runtime exception was detected. Details follow. Message: The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 60a96928-f3ca-40d1-a4f5-3fa7b3f77f26. NodeId: SERVER. Scope: /SharePoint/default/f49e044d-949f-4ddf-bcab-7bac63c205bc. Client ActivityId : 163eea9d-6a47-4040-948b-13a14760baee. Technical Details: System.UnauthorizedAccessException: The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 60a96928-f3ca-40d1-a4f5-3fa7b3f77f26. NodeId: SPDEV01. Scope: /SharePoint/default/f49e044d-949f-4ddf-bcab-7bac63c205bc. Client ActivityId : 163eea9d-6a47-4040-948b-13a14760baee. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
at Microsoft.Workflow.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.Workflow.Client.HttpGetResponseAsyncResult`1.End(IAsyncResult result)
at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest request, T content) -
-- End of inner exception stack trace ---
at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest request, T content)
at Microsoft.Workflow.Client.WorkflowManagementClient.SendRequest[T](HttpWebRequest request, T content)
at Microsoft.Workflow.Client.ScopeManager.PublishScopeInternal(ScopeDescription description, String[] pathSegments)
at Microsoft.Workflow.Client.ScopeManager.PublishChildScope(String childScopeName, ScopeDescription description)
at Microsoft.SharePoint.WorkflowServices.SPWebWorkflowSecurityContext.CreateServiceGroup(String scopeAddress, ScopeDescription serviceGroup)
at Microsoft.SharePoint.WorkflowServices.SPWebWorkflowSecurityContext.CreateOrUpdateServiceGroup(SPWeb lookupWeb, SPAppPrincipal app)
163eea9d-6a47-4040-948b-13a14760baee
Cause: This is a know issue with Workflow Manager
Known Issues in Workflow Manager 1.0
Solution: Run the client application using elevated permissions and run these commands to solve the issue.
On WFM server
$sec = New-Object Microsoft.Workflow.Client.Security.WindowsSecurityConfiguration("All Users")
$sec.WorkflowAdminGroupName = "Users"
Set-WFScopeSecurity -ScopeUri https://<WFM server FQDN>:12290/ -SecurityConfiguration $sec
On SP server
Register-SPWorkflowService –SPSite "https://<Site URL>/" –WorkflowHostUri "https://<WFM server FQDN>:12290/" –AllowOAuthHttp –Force
Refer this article for more information: https://msdn.microsoft.com/en-us/library/jj193462(v=azure.10).aspx