What permissions are required for a Sharepoint-only App to use the GetUserEffectivePermissions API?

Parekh, Soham 40 Reputation points
2023-07-11T12:00:55.84+00:00

Hi,

I'm writing some automation which needs to be able to check what permissions a user has on a given file. For this, I'm setting up a SharePoint App (ref). Which is the least privileged scope that can work for this use-case?

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,677 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,970 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. ChengFeng - MSFT 5,020 Reputation points Microsoft Vendor
    2023-07-12T01:44:44.4433333+00:00

    Hi @Parekh, Soham

    For your scenario, the least privilege scope is "Read" permissions. With the "read" permission, you can check that the user has permission to access the file, but not allow actions such as modifying, deleting, or uploading the file. This ensures that your automation can only view the file's permissions and not make any unnecessary modifications to the file.

    like this:

    User's image

    User's image

    User's image

    Note that the "read" permission only allows viewing the file's contents and properties, not editing or downloading the file. If your automation requires further actions, such as editing files or downloading files, you may need to grant more advanced permissions, such as "Edit" or "Full Control" permissions.

    Make sure you specify the required permission scopes explicitly when configuring your SharePoint app to avoid giving too high or too low permissions. This ensures your automations get the access they need while minimizing unnecessary permissions


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards

    Cheng Feng


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.