Requesting permissions for API use in add-ins
This article describes the different permission levels that you can declare in your content or task pane add-in's manifest to specify the level of JavaScript API access your add-in requires for its features.
Note
To learn about permission levels for mail (Outlook) add-ins, see Outlook permissions model.
Permissions model
A five-level JavaScript API access-permissions model provides the basis for privacy and security for users of your content and task pane add-ins. Figure 1 shows the five levels of API permissions you can declare in your add-in's manifest.
Figure 1. The five-level permission model for content and task pane add-ins
These permissions specify the subset of the API that the add-in runtime will allow your content or task pane add-in to use when a user inserts, and then activates (trusts) your add-in. To declare the permission level your content or task pane add-in requires, specify one of the permission text values in the Permissions element of your add-in's manifest. The following example requests the WriteDocument permission, which will allow only methods that can write to (but not read) the document.
<Permissions>WriteDocument</Permissions>
As a best practice, you should request permissions based on the principle of least privilege. That is, you should request permission to access only the minimum subset of the API that your add-in requires to function correctly. For example, if your add-in needs only to read data in a user's document for its features, you should request no more than the ReadDocument permission.
The following table describes the subset of the JavaScript API that is enabled by each permission level.
Permission | Enabled subset of the API |
---|---|
Restricted | The methods of the Settings object, and the Document.getActiveViewAsync method. This is the minimum permission level that can be requested by a content or task pane add-in. |
ReadDocument | In addition to the API allowed by the Restricted permission, adds access to the API members necessary to read the document and manage bindings. This includes the use of:
|
ReadAllDocument | In addition to the API allowed by the Restricted and ReadDocument permissions, allows the following additional access to document data.
|
WriteDocument | In addition to the API allowed by the Restricted permission, adds access to the following API members.
|
ReadWriteDocument | In addition to the API allowed by the Restricted, ReadDocument, ReadAllDocument, and WriteDocument permissions, includes access to all remaining API supported by content and task pane add-ins, including methods for subscribing to events. You must declare the ReadWriteDocument permission to access these additional API members:
|
See also
Office Add-ins
피드백
https://aka.ms/ContentUserFeedback
출시 예정: 2024년 내내 콘텐츠에 대한 피드백 메커니즘으로 GitHub 문제를 단계적으로 폐지하고 이를 새로운 피드백 시스템으로 바꿀 예정입니다. 자세한 내용은 다음을 참조하세요.다음에 대한 사용자 의견 제출 및 보기