User has the contribute permission but get access denied when the workflow tried to create a list item

Question

SharePoint O365

The user has been granted contribute permission to Audit log list. Then the user creates an item which triggers Nintex workflow to create audit log item.

The workflow initiator/the user above has been granted Read Write No delete permission on the Audit log list but the workflow keeps failing at creating the item, complaining about access denied.

HTTP Forbidden to https://..../site/_api/web/lists(guid'xxxxxxxxx') - Audit log list
Access denied. You do not have permission to perform this action or access this resource.

The workflow initiator permission is granted through AD group in a SharePoint group.
Checking permission shows the workflow initiator has read write no delete permission

Answer 1

Hi @Wan Feng ,

To narrow down this issue, I have a check list for you.

• Make sure the feature “Limited-access user permission lockdown mode” is not activated. You can check it under Site settings > Site collection features under Site Collection Administration
  
• Make sure the feature “Workflows can use app permissions” is activated. You can check it under Site settings > Manage site features under Site Actions
  
• Clear SharePoint Designer 2013 cache to have a try. Please take a reference to this article: How to Clear Your SharePoint Designer 2010/2013 Cache.

  ---

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Allen,

Thanks for helping.

“Workflows can use app permissions” is active

feature “Limited-access user permission lockdown mode” is activated. Since it is activated by default, I am not comfortable to change with causing issues.