How to view updated permissions of a SharePoint Add-in

Mark 0 Reputation points
2023-04-19T06:02:14.6433333+00:00

I have reduced the permission scope of a SharePoint add-in by following the steps mentioned here: https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint#managing-and-troubleshooting-add-in-permissions.

Previous permission scopes:

  <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Manage" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Manage"/>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Manage" />
  </AppPermissionRequests>

Updated Permission scopes:

  <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Read" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
  </AppPermissionRequests>

How can I ensure the newly added permissions are reflected in the add-in? Is there a place where I can view this?

I am seeing the following window in the app details page:
########################
Do you trust <app> ?

Your tenant administrator has to approve this app. Let it read items in all site collections.  Let it read items in this site collection. Let it read items in this site. Let it read items in the list: Let it share its permissions with other users. Let it access basic information about the users of this site. Allow application access to user profiles: Read
 #########################

But the Trust button is disabled. How can I enable the trust button?


1 answer

  1. RaytheonXie_MSFT 33,641 Reputation points Microsoft Vendor
    2023-04-20T05:30:54.8233333+00:00

    Hi @Mark, currently there is no function to get the list of app permissions. You can only get a list of apps at the following URL:

    https://xxx.sharepoint.com/sites/test/_layouts/15/AppPrincipals.aspx
    
    

    For new tenants, apps using an ACS app-only access token are disabled by default. This might cause the Trust It button to be greyed out. We can run the following cmdlet to enable this feature:

    Set-SPOTenant -DisableCustomAppAuthentication $false
    
    

    This will need the latest SharePoint admin PowerShell.

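Since the answer notes there is no built-in view of an add-in's permissions, one offline check is to compare the two manifest fragments from the question and confirm that every scope moved to a weaker right. This is an added example, not code from the thread or from Microsoft; the `parse_requests` and `compare` helpers and the rank table are assumptions of this example, and it checks only what the manifests request, not what the tenant has actually granted.

```python
import xml.etree.ElementTree as ET

# Add-in rights ordered weakest to strongest (0 is used for "scope not requested").
RIGHT_RANK = {"Read": 1, "Write": 2, "Manage": 3, "FullControl": 4}

# The two manifest fragments exactly as posted in the question.
PREVIOUS = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage" />
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Manage" />
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Manage"/>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Manage" />
</AppPermissionRequests>"""
UPDATED = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="Read" />
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Read" />
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Read" />
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
</AppPermissionRequests>"""

def parse_requests(xml_text):
    """Return (app_only, {scope: right}) for an AppPermissionRequests fragment."""
    root = ET.fromstring(xml_text)
    app_only = root.get("AllowAppOnlyPolicy", "false").lower() == "true"
    rights = {}
    for el in root:
        right = el.get("Right")
        if right not in RIGHT_RANK:
            raise ValueError(f"unknown Right {right!r} for scope {el.get('Scope')!r}")
        rights[el.get("Scope")] = right
    return app_only, rights

def compare(prev_xml, new_xml):
    """Return (app_only_in_new, {scope: (old_right, new_right, status)})."""
    (_, old), (app_only, new) = parse_requests(prev_xml), parse_requests(new_xml)
    changes = {}
    for scope in sorted(set(old) | set(new)):
        # A scope missing from one side ranks 0: newly added counts as escalated.
        delta = RIGHT_RANK.get(new.get(scope), 0) - RIGHT_RANK.get(old.get(scope), 0)
        status = "reduced" if delta < 0 else "escalated" if delta > 0 else "unchanged"
        changes[scope] = (old.get(scope), new.get(scope), status)
    return app_only, changes

if __name__ == "__main__":
    app_only, changes = compare(PREVIOUS, UPDATED)
    print("AllowAppOnlyPolicy still requested:", app_only)
    for scope, (old, new, status) in changes.items():
        print(f"{status:10} {old} -> {new}  {scope}")
```
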