Understanding Permissions in SharePoint-Hosted Add-ins
A SharePoint add-in, as we also briefly discussed in this blog post, is a self-contained piece of functionality that extends the capabilities of SharePoint websites to solve a well-defined business problem. – Microsoft
SharePoint add-ins are usually run from a tile on the Site Contents page of the site to which the add-in is installed, and more often than not you will need to restrict access to their contents. For example, you may want to give a specific group of users access to some content in the add-in and deny access to everyone else.
The file responsible for managing add-in permissions is the AppManifest.xml file.
Listed below are the rights for each permission scope:
- Read – Allows viewing of pages, list items, and downloading of documents
- Write – Allows viewing, adding, updating, and deleting items in lists and libraries
- Manage – Allows viewing, adding, updating, deleting, and approving items, as well as customizing pages within a site
- Full Control – Grants full control within the specified scope
By default, the permissions in the host web, where the add-in is installed, are inherited in the app web, the current scope of the add-in. But there are cases where you have to incorporate data from different sources as well. For example, you may need to get list items from the host web and use them in your add-in. Security restrictions that block communication with more than one domain at a time might prevent you from doing that. The host web and the add-in web are on two different domains, so you will usually see an Access Denied error when you try to do just that: make calls or issue requests for resources on the host domain from the add-in.
Since permissions in SharePoint add-ins are granted when the add-in is installed, there are times when the add-in will have issues with its permissions. Regranting permissions is done by selecting the … button on the add-in tile, selecting PERMISSIONS, and clicking the "here" link on the page.
We have only touched on a small part of what there is to know about permissions in SharePoint add-ins, but you should consider these things early on as you build your add-ins so that you at least have the security part covered.
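As an added example (not code from the original post), the Python check below reads the permission requests in an AppManifest.xml and flags any that go beyond a least-privilege ceiling, so an over-broad request is caught before users are asked to trust the add-in. The sample manifest is constructed, and the ceiling (at most Write, at most the web scope) is an assumed review policy, not a SharePoint default.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/sharepoint/2012/app/manifest"}
# Rights in ascending order of privilege, as spelled in the manifest.
RIGHTS = ["Read", "Write", "Manage", "FullControl"]
# Content scope URIs, narrowest to widest.
SCOPES = [
    "http://sharepoint/content/sitecollection/web/list",
    "http://sharepoint/content/sitecollection/web",
    "http://sharepoint/content/sitecollection",
    "http://sharepoint/content/tenant",
]

# Constructed sample manifest for illustration only.
SAMPLE_MANIFEST = """<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SampleAddIn" ProductID="{00000000-0000-0000-0000-000000000000}"
     Version="1.0.0.0" SharePointMinVersion="16.0.0.0">
  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Owner" />
  </AppPermissionRequests>
</App>"""

def audit_manifest(xml_text, max_right="Write", max_scope=SCOPES[1]):
    """Return (scope, right, reason) for every request above the ceiling.

    max_right and max_scope are an assumed review policy; adjust to taste.
    """
    findings = []
    root = ET.fromstring(xml_text)
    path = "m:AppPermissionRequests/m:AppPermissionRequest"
    for req in root.findall(path, NS):
        scope, right = req.get("Scope", ""), req.get("Right", "")
        if right not in RIGHTS:
            findings.append((scope, right, "unknown right"))
            continue
        if scope not in SCOPES:
            # Non-content scopes are not ranked here; send to manual review.
            findings.append((scope, right, "non-content scope, review manually"))
            continue
        reasons = []
        if RIGHTS.index(right) > RIGHTS.index(max_right):
            reasons.append("right exceeds " + max_right)
        if SCOPES.index(scope) > SCOPES.index(max_scope):
            reasons.append("scope wider than policy")
        if reasons:
            findings.append((scope, right, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```

The Read request on a single list, which is all the host-web list scenario above needs, passes the check; the site-collection FullControl request and the misspelled right are reported.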