Friday, 18 October 2024

Limiting access to SharePoint for custom app access using Sites.Selected

Limiting access to SharePoint for custom app access using Sites.Selected (mscrm-addons.com)


When choosing custom AppAccess, you can limit the scope of access to SharePoint by using the Sites.Selected privilege. Sites.Selected does not grant any privileges on its own, but allows you to manually define the access for the app.

Note: Without privileges, an app with Sites.Selected cannot log on to SharePoint.

Granting privileges via PowerShell

Figure 1: An example screenshot of PowerShell

To grant privileges, you will first need to enter the following line of code in order to allow PowerShell to communicate with SharePoint:

Import-Module PnP.PowerShell

Then, you will need to enter the next line of code to connect PowerShell to your SharePoint, replacing <YourSharepoint> with your SharePoint URL.

Connect-PnPOnline -Url <YourSharepoint> -Interactive

Once entered, you will need to grant PowerShell permission via a connection dialog. This will allow PowerShell to manage SharePoint.

Figure 2: A portion of the permissions dialog

After PowerShell has been permitted to connect, you can grant permissions for your app through the following line of code (replacing each placeholder in angle brackets with your own value):

Grant-PnPAzureADAppSitePermission -AppId <AppId> -DisplayName <AppDisplayName> -Site <YourSharepoint> -Permissions <Permission>

The possible permissions that can be granted by replacing the <Permission> tag are as follows:

  • Read
  • Write – Save to SharePoint, but cannot create OnBehalfOfColumn to reflect the user initiating the save
  • Manage – Save to SharePoint and create OnBehalfOfColumn to reflect the user initiating the save
  • FullControl

Revoke privilege

To revoke privileges, you can use the following code:

Revoke-PnPAzureADAppSitePermission -PermissionId <Id>

Note: Revoke does not raise an error if the specified Id does not exist. Always verify that the privileges are as desired by checking the granted privileges.

Check granted privileges

To check privileges, you can use the following code:

Get-PnPAzureADAppSitePermission -AppIdentity <AppId>
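
Because Revoke stays silent on an unknown Id, the revoke and the check are best run together. The following is an added example, not part of the original post: it confirms the Id exists before revoking and confirms it is gone afterwards. It assumes you are already connected with Connect-PnPOnline as shown above and that the returned permission objects expose Id and Roles properties; the function name Revoke-AppSiteGrantVerified is hypothetical.

```powershell
# Added example (not from the original post): revoke one Sites.Selected grant
# and verify the result, since Revoke does not report an unknown Id.
function Revoke-AppSiteGrantVerified {
    param(
        [Parameter(Mandatory)] [string] $Site,          # SharePoint site URL
        [Parameter(Mandatory)] [string] $AppId,         # app (client) Id
        [Parameter(Mandatory)] [string] $PermissionId   # Id of the grant to remove
    )

    # 1. List the app's current grants on the site; @() keeps an empty result an array.
    $before = @(Get-PnPAzureADAppSitePermission -Site $Site -AppIdentity $AppId)

    # 2. Refuse to continue if the Id is not among them (typo, wrong site, already revoked).
    $target = $before | Where-Object { $_.Id -eq $PermissionId }
    if (-not $target) {
        throw "Permission Id '$PermissionId' not found for app $AppId on $Site. Nothing revoked."
    }
    Write-Host "Revoking $PermissionId (roles: $($target.Roles -join ', '))"

    # 3. Revoke; -Force skips the confirmation prompt.
    Revoke-PnPAzureADAppSitePermission -PermissionId $PermissionId -Site $Site -Force

    # 4. Re-query instead of trusting the silent revoke.
    $after = @(Get-PnPAzureADAppSitePermission -Site $Site -AppIdentity $AppId)
    if ($after | Where-Object { $_.Id -eq $PermissionId }) {
        throw "Permission Id '$PermissionId' is still present for app $AppId on $Site."
    }

    # 5. Return whatever the app can still do, so leftover grants are visible.
    Write-Host "Verified: grant removed. Remaining grants for the app: $($after.Count)"
    return $after
}

# Usage (placeholders as in the post; replace with your own values):
# Revoke-AppSiteGrantVerified -Site '<YourSharepoint>' -AppId '<AppId>' -PermissionId '<Id>' |
#     Select-Object Id, Roles
```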

That’s it! We appreciate your feedback! Please share your thoughts by sending an email to support@mscrm-addons.com.

 
