SharePoint online custom list access rest service block

harpal rana 1 Reputation point
2021-10-07T08:18:52.58+00:00

I have SharePoint online portal. User is looking to secure the custom list where they don't want end-user to have direct permission to list but only interaction of list should be through a custom interface. The idea is to block User access since some of the users were able to run rest service and get data.

Please suggest is there possible workaround of this without impacting the speed of custom interfaces.

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,409 questions
{count} votes

3 answers

Sort by: Most helpful
  1. RaytheonXie_MSFT 30,186 Reputation points Microsoft Vendor
    2021-10-08T02:29:29.907+00:00

    Hi @harpal rana ,
    As far as I know ,there is no such way to disable rest service in sharepoint online. Users can access rest service with only read permission. If we remove the read permission ,the list also unavailable for them. We can just block rest service in sharepoint server but not sharepoint online. We can set IIS URL Rewrite Rule to redirect users to other site by edit web.config in server, but we are unable to do this in sharepoint online.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. harpal rana 1 Reputation point
    2021-10-08T08:03:17.15+00:00

    thank you @RaytheonXie_MSFT for your response. Can you please suggest workaround where I can develop my custom SharePoint online application without giving any access of back end custom list to user. We want to avoid using SharePoint on-premise or server side development.


  3. RaytheonXie_MSFT 30,186 Reputation points Microsoft Vendor
    2021-10-12T09:02:15.85+00:00

    Hi @harpal rana ,
    We can grant access using SharePoint App-Only. Please set permission with list like following

    <AppPermissionRequests AllowAppOnlyPolicy="true">  
      <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="FullControl" />  
    </AppPermissionRequests>  
    

    Then use client id and client secret to access sharepoint online
    Please refer to the following link to grant access
    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
    following link for permission level
    https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint