SharePoint 2013 App Permissions Scope

If you have started creating a new “SharePoint App” in SharePoint 2013 that requires permission to write to one or more lists in the host web, you will have quickly realized that it is not possible to specify which lists/libraries should be given Write permission.

That is because the Security model (controllable via the AppManifest.xml) does not work like that, but rather uses “Scope” as follows:

For a single list (for which the user will be prompted the first time he/she tries to access the App):

<AppPermissionRequests>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write" />
</AppPermissionRequests>

Or for the whole Web. This is the maximum level (highest scope available), which is also due to the Cloud-App security model (remember that your Cloud-App runs in its own SPWeb, automatically created for you upon application deployment/installation, which also confers domain isolation):

<AppPermissionRequests>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Write" />
</AppPermissionRequests>
So, keep this in mind for your next SharePoint hosted App.
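
As an added example (not code from the original post), the following Python script reads an AppManifest.xml and flags every permission request that is not limited to the list scope, so a reviewer can confirm that a web-wide Write is really needed. The sample manifest, the function name review_permissions and the review rule itself are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace of a SharePoint 2013 AppManifest.xml.
NS = {"m": "http://schemas.microsoft.com/sharepoint/2012/app/manifest"}

# The two scopes shown in the post, mapped to a short level name.
SCOPE_LEVELS = {
    "http://sharepoint/content/sitecollection/web/list": "list",
    "http://sharepoint/content/sitecollection/web": "web",
}

# Constructed sample manifest for illustration (not from a real app).
SAMPLE_MANIFEST = """<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SampleApp" ProductID="{00000000-0000-0000-0000-000000000000}"
     Version="1.0.0.0" SharePointMinVersion="15.0.0.0">
  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Write" />
  </AppPermissionRequests>
</App>"""


def review_permissions(manifest_xml):
    """Return one finding per AppPermissionRequest (hypothetical helper)."""
    # Intended for manifests from your own source tree; use a hardened
    # XML parser if the manifest comes from an untrusted party.
    root = ET.fromstring(manifest_xml)
    findings = []
    for req in root.findall("m:AppPermissionRequests/m:AppPermissionRequest", NS):
        scope = req.get("Scope", "")
        right = req.get("Right", "")
        # Scopes not shown in the post are reported as "unrecognized".
        level = SCOPE_LEVELS.get(scope.rstrip("/").lower(), "unrecognized")
        # Assumed rule: only a list-scoped request with an explicit Right
        # passes without review; everything else fails closed.
        needs_review = level != "list" or not right
        findings.append({"scope": scope, "level": level,
                         "right": right, "needs_review": needs_review})
    return findings


if __name__ == "__main__":
    for f in review_permissions(SAMPLE_MANIFEST):
        flag = "REVIEW" if f["needs_review"] else "ok"
        print(f"{flag:6} {f['level']:12} {f['right']:6} {f['scope']}")
```
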