question

0 Votes
Taypos-6769 asked EmilyDu-MSFT commented

SharePoint permissions for application

Hi,
I am writing an application that has the following features: create/modify/delete sites, (un)assign user permissions, upload and deploy webparts, allow sharing sites/documents with externals (guests).


This is all tested and possible with my application, but my application is using "SharePoint Admin" permissions to accomplish this. This is way too much and I am in search of permissions/roles that are within the above-mentioned scope.

I have looked into providing "site collection admin" but a site collection setup does not provide enough flexibility in assigning permissions to users to the sites and also it is only for predefined, pre-created sites while my application needs to be able to create several different sites.

So far this is the main goal.

Having said that, the second goal is to add boundaries to this permission so that it will not have permission outside certain sites. The URL of these sites will be predefined before they are created.


I have tried to accomplish this with:

- AAD user with SharePoint permissions, but could not find anything better than "SharePoint admin", which has, as mentioned before, too many permissions.
- SharePoint Add-in, but could not find any way of setting the permissions to the above-mentioned permission scope.
- Azure App registration with ClientSecret or certificate, but this way the allowed permissions by Azure are inadequate.

The limitations of this last point are described in the following article:

https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly


I hope that someone can help me find the correct way of accomplishing this, as I am certain I have overlooked something.

sharepoint-dev

1 Answer

0 Votes
EmilyDu-MSFT answered EmilyDu-MSFT commented

@Taypos-6769

Based on your description, I want to confirm with you whether the "SharePoint admin" permission described in the original post refers to the permission shown in the picture below.

202273-image.png

To achieve the above features in the application, SharePoint admin permission is required. And by default, SharePoint admin permission cannot be modified.


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




@Taypos-6769

I’m checking how things are going with this issue. Does the answer help you?

If there is any problem with this issue, feel free to let me know.

0 Votes 0 ·

@Taypos-6769

I am looking forward to your feedback if there is any update.

Please remember to update this thread if you have any progress.

Thank you for your understanding.

0 Votes 0 ·