Hi All,
Could anyone please confirm my understanding with app permissions?
In case "http://sharepoint/content/sitecollection"= Manage permission, if current user don't have access to a list in host web, will he be able to add column in list?
As per my understand, with JSOM runs with current user principal then code will fail but if JSOM code runs with app principal then i suppose JSOM code will should be able to add the columns.
"http://sharepoint/content/tenant"= Manage permission,
As per my understand, it means that if JSOM code runs with app principal, then JSOM code can add columns in any list across tenant. let assume one tenant has 5 site collections, in one site collection app is installed. in app web there
is page that has JSOM code. with this permission, code can add columns in any list existing in any of the site collection. if code run with current user principal then code can add columns only if that user has permission on that list.
"http://sharepoint/social/tenant" = Manage permission.
As per my understand, with this permission code that run with app principal can manage the social cloud across tenant e.g. code can do CRUD operation on social tags.
Let say app has following permissions
"http://sharepoint/search" = "QueryAsUserIgnoreAppPrincipal"
"http://sharepoint/content/tenant" = "Read"
As per my understand, with these permissions if code runs with app principal then search query will be performed across the tenant in search index. while doing the search app principal will be ignored so security trimming will not happen.
if my understand is correct then if we require security trimming then how we will manage?
let say app has following permissions
"http://sharepoint/bcs/connection" = "Read"
"http://sharepoint/content/tenant" = "Read"
As per my understand, with these permissions if code runs with app prinicipal code can read the data from any external list across the tenant. if tenant has 5 collections, code would be able to read any external list that existing in these 5 site collection.
Amit - Our life is short, so help others to grow.....
Whenever you see a reply and if you think is helpful, click ♥Vote As Helpful♥ And whenever you see a reply being an answer to the question of the thread, click ♥Mark As Answer♥