“The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope” error while publishing SharePoint 2013 workflows using SharePoint Designer 2013


Scenario: You create a SharePoint 2013 workflow in SharePoint Designer 2013, and when you publish it you receive the error “The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope”.

Error in Fiddler
POST https://<Site URL>/_vti_bin/client.svc/ProcessQuery HTTP/1.1
Date: Fri, 21 Apr 2017 18:09:41 GMT
MIME-Version: 1.0
Accept: */*
X-RequestForceAuthentication: true
X-RequestDigest: 0xA17F63D097A8EADBA2EC36CFAF8B1F978EDEE81350DE11A167F062732783488D3DCAC1BC57C5193807679BCD4FAA1D510392C6E52C8696C5A6EF83D8F26C79D8,21 Apr 2017 18:09:40 -0000
User-Agent: Mozilla/4.0 (compatible; MS FrontPage 15.0)
Host: teamdev2013.borderstates.com
Accept-Language: en-us, en;q=0.1
Accept: auth/sicily
X-FORMS_BASED_AUTH_ACCEPTED: T
Content-Length: 773
Content-Type: text/xml
X-Vermeer-Content-Type: text/xml
Accept-encoding: gzip, deflate
Connection: Keep-Alive
Cache-Control: no-cache

<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="15.0.0.0" ApplicationName=".NET Library" xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009"><Actions><Method Name="PublishDefinition" Id="6111" ObjectPathId="4823"><Parameters><Parameter Type="Guid">{48f24bb8-be57-47e3-8cb6-2463268b1c80}</Parameter></Parameters></Method></Actions><ObjectPaths><Method Id="4823" ParentId="4819" Name="GetWorkflowDeploymentService" /><Constructor Id="4819" TypeId="{4ccc7f0e-bf7e-4477-999c-6458a73d0039}"><Parameters><Parameter ObjectPathId="3" /></Parameters></Constructor><Identity Id="3" Name="740c6a0b-85e2-48a0-a494-e0f1759d4aa7:site:f49e044d-949f-4ddf-bcab-7bac63c205bc:web:77851493-24d0-41a2-babb-4dc3db86a3eb" /></ObjectPaths></Request>
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-SharePointHealthScore: 0
SPClientServiceRequestDuration: 126
X-AspNet-Version: 4.0.30319
SPRequestGuid: 163eea9d-6a47-4040-948b-13a14760baee
request-id: 163eea9d-6a47-4040-948b-13a14760baee
X-RequestDigest: 0xA17F63D097A8EADBA2EC36CFAF8B1F978EDEE81350DE11A167F062732783488D3DCAC1BC57C5193807679BCD4FAA1D510392C6E52C8696C5A6EF83D8F26C79D8,21 Apr 2017 18:09:40 -0000
X-FRAME-OPTIONS: SAMEORIGIN
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 15.0.4675.1000
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
Date: Fri, 21 Apr 2017 18:09:39 GMT
Content-Length: 830

[
{
"SchemaVersion":"15.0.0.0","LibraryVersion":"15.0.4763.1000","ErrorInfo":{
"ErrorMessage":"System.InvalidOperationException: Operation failed with error System.UnauthorizedAccessException: The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 60a96928-f3ca-40d1-a4f5-3fa7b3f77f26. NodeId: SPDEV01. Scope: \u002fSharePoint\u002fdefault\u002ff49e044d-949f-4ddf-bcab-7bac63c205bc. Client ActivityId : 163eea9d-6a47-4040-948b-13a14760baee. ---> System.Net.WebException: T","ErrorValue":null,"TraceCorrelationId":"163eea9d-6a47-4040-948b-13a14760baee","ErrorCode":-2130575223,"ErrorTypeName":"Microsoft.SharePoint.SPException"
},"TraceCorrelationId":"163eea9d-6a47-4040-948b-13a14760baee"
}
]

ULS error from its correlation ID
04/21/2017 13:09:40.57 w3wp.exe (SERVER:0x1F88) 0x5EF0 SharePoint Server General 7888 Warning
A runtime exception was detected. Details follow. Message: The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 60a96928-f3ca-40d1-a4f5-3fa7b3f77f26. NodeId: SERVER. Scope: /SharePoint/default/f49e044d-949f-4ddf-bcab-7bac63c205bc. Client ActivityId : 163eea9d-6a47-4040-948b-13a14760baee. Technical Details: System.UnauthorizedAccessException: The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 60a96928-f3ca-40d1-a4f5-3fa7b3f77f26. NodeId: SPDEV01. Scope: /SharePoint/default/f49e044d-949f-4ddf-bcab-7bac63c205bc. Client ActivityId : 163eea9d-6a47-4040-948b-13a14760baee. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
at Microsoft.Workflow.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.Workflow.Client.HttpGetResponseAsyncResult`1.End(IAsyncResult result)
at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest request, T content) –
--- End of inner exception stack trace ---
at Microsoft.Workflow.Client.ClientHelpers.SendRequest[T](HttpWebRequest request, T content)
at Microsoft.Workflow.Client.WorkflowManagementClient.SendRequest[T](HttpWebRequest request, T content)
at Microsoft.Workflow.Client.ScopeManager.PublishScopeInternal(ScopeDescription description, String[] pathSegments)
at Microsoft.Workflow.Client.ScopeManager.PublishChildScope(String childScopeName, ScopeDescription description)
at Microsoft.SharePoint.WorkflowServices.SPWebWorkflowSecurityContext.CreateServiceGroup(String scopeAddress, ScopeDescription serviceGroup)
at Microsoft.SharePoint.WorkflowServices.SPWebWorkflowSecurityContext.CreateOrUpdateServiceGroup(SPWeb lookupWeb, SPAppPrincipal app)
163eea9d-6a47-4040-948b-13a14760baee
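
As an added example (not part of the original post), the PowerShell below parses a response body like the one Fiddler captured, extracts the granted and required permissions, the Workflow Manager scope and the correlation ID, and then filters ULS by that ID. The function name Get-WorkflowAuthFailure and the one-hour look-back window are assumptions; the sample body is a constructed, shortened copy of the response above.

```powershell
# Constructed sample: shortened copy of the ProcessQuery response body shown above.
$body = @'
[{"SchemaVersion":"15.0.0.0",
  "ErrorInfo":{"ErrorMessage":"System.InvalidOperationException: Operation failed with error System.UnauthorizedAccessException: The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 60a96928-f3ca-40d1-a4f5-3fa7b3f77f26. NodeId: SPDEV01. Scope: \u002fSharePoint\u002fdefault\u002ff49e044d-949f-4ddf-bcab-7bac63c205bc. Client ActivityId : 163eea9d-6a47-4040-948b-13a14760baee.",
               "ErrorTypeName":"Microsoft.SharePoint.SPException"},
  "TraceCorrelationId":"163eea9d-6a47-4040-948b-13a14760baee"}]
'@

function Get-WorkflowAuthFailure {            # hypothetical helper name
    param([Parameter(Mandatory)][string]$ResponseBody)

    foreach ($item in ($ResponseBody | ConvertFrom-Json)) {
        $msg = $item.ErrorInfo.ErrorMessage
        if (-not $msg) { continue }           # no ErrorInfo: this action did not fail

        # Only report the "Permissions granted / Required permissions" failure mode.
        $perm = [regex]::Match($msg,
            'Permissions granted: (?<granted>[^.]+)\. Required permissions: (?<required>[^.]+)\.')
        if (-not $perm.Success) { continue }

        [pscustomobject]@{
            Granted       = $perm.Groups['granted'].Value
            Required      = $perm.Groups['required'].Value
            # Workflow Manager scope the call was rejected on
            Scope         = [regex]::Match($msg, 'Scope: (?<s>\S+?)\. ').Groups['s'].Value
            # Server-side ActivityId (the client one is written "ActivityId :")
            WfActivityId  = [regex]::Match($msg, '\bActivityId: (?<id>[0-9a-fA-F-]{36})').Groups['id'].Value
            # SharePoint correlation ID used to find the ULS entries
            CorrelationId = $item.TraceCorrelationId
        }
    }
}

$failure = Get-WorkflowAuthFailure -ResponseBody $body
$failure | Format-List

# On a SharePoint server, pull the ULS entries that carry the same correlation ID.
# Assumption: the failure was reproduced within the last hour.
if (Get-Command Get-SPLogEvent -ErrorAction SilentlyContinue) {
    Get-SPLogEvent -StartTime (Get-Date).AddHours(-1) |
        Where-Object { $_.Correlation -eq $failure.CorrelationId } |
        Select-Object Timestamp, Area, Category, EventID, Level, Message
}
```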

Cause: This is a known issue with Workflow Manager; see “Known Issues in Workflow Manager 1.0”.

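Solution: Run the client application using elevated permissions, then run these commands to solve the issue.

On the WFM server:
# Build a Windows security configuration ("All Users") and set its workflow admin group to "Users"
$sec = New-Object Microsoft.Workflow.Client.Security.WindowsSecurityConfiguration("All Users")
$sec.WorkflowAdminGroupName = "Users"
# Apply the configuration to the root scope of the Workflow Manager endpoint
Set-WFScopeSecurity -ScopeUri https://<WFM server FQDN>:12290/ -SecurityConfiguration $sec
On the SP server:
# Re-register the workflow service for the site; -AllowOAuthHttp permits OAuth over HTTP, -Force overwrites the existing registration
Register-SPWorkflowService -SPSite "https://<Site URL>/" -WorkflowHostUri "https://<WFM server FQDN>:12290/" -AllowOAuthHttp -Force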

Refer to this article for more information: https://msdn.microsoft.com/en-us/library/jj193462(v=azure.10).aspx
