Jean Paul's Blog

There are 2 types of People in the World, One who Likes SharePoint and..


3 Types of App Authorization Policies

Posted by Paul on May 24, 2015


In this post we explore the 3 types of App Authorization Policies.

User-Only Policy

When this policy is used, the current user's permissions are checked. For example, if the user does not have permission on a list and the app tries to modify a list item, a security exception can be raised.

This policy is the default in SharePoint 2010.

App-Only Policy

When this policy is used, the app's permissions are checked when it accesses resources. For example, if the app does not have Manage permission on a site and tries to create a list in that site, a security exception is raised.

User+App Policy

When this policy is used, both the app's and the user's permissions are checked, combined with an AND condition. For example, if the app has permission but the user does not, a security exception is raised.

For remote hosted apps, this policy is apt.

Setting the Policy

We can set the policy in the App Manifest file. Follow the steps below to set the policy.

Create a new SharePoint App project of type SharePoint Hosted App. In Solution Explorer, open App.Manifest in code view.

Add a new tag, AppPermissionRequests.

For AppOnlyPolicy, set the following.

<AppPermissionRequests AllowAppOnlyPolicy="true"></AppPermissionRequests>

You can also use the XML editor for the manifest file for setting Site/Web permissions.
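A review-time check for the manifest settings described above, as an added example that is not from the original post: it parses a manifest, reports whether app-only policy is allowed, and flags permission requests above a chosen ceiling. The sample manifest, the `audit_manifest` helper and the `Write` ceiling are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest (not from the original post).
SAMPLE_MANIFEST = """<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SampleApp" Version="1.0.0.0" SharePointMinVersion="15.0.0.0">
  <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Manage" />
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
  </AppPermissionRequests>
</App>"""

# Rights in ascending order of privilege.
RIGHT_RANK = {"Read": 0, "Write": 1, "Manage": 2, "FullControl": 3}


def local(tag):
    """Strip the XML namespace so the check works whatever namespace is declared."""
    return tag.rsplit("}", 1)[-1]


def audit_manifest(xml_text, max_app_only_right="Write"):
    """Return (app_only_allowed, requests, findings) for one manifest."""
    root = ET.fromstring(xml_text)
    app_only, requests, findings = False, [], []
    for node in root.iter():
        if local(node.tag) == "AppPermissionRequests":
            # A missing attribute is treated as "false" by this check.
            app_only = node.get("AllowAppOnlyPolicy", "false").strip().lower() == "true"
        elif local(node.tag) == "AppPermissionRequest":
            requests.append((node.get("Scope", ""), node.get("Right", "")))
    for scope, right in requests:
        if right not in RIGHT_RANK:
            findings.append(f"unknown right {right!r} on {scope}")
        elif app_only and RIGHT_RANK[right] > RIGHT_RANK[max_app_only_right]:
            # Under app-only policy the user's permissions are not part of
            # the check, so this right applies whoever started the app.
            findings.append(f"app-only with {right} on {scope}")
    if app_only and not requests:
        findings.append("AllowAppOnlyPolicy set but no permissions requested")
    return app_only, requests, findings


if __name__ == "__main__":
    allowed, reqs, issues = audit_manifest(SAMPLE_MANIFEST)
    print("app-only allowed:", allowed)
    for issue in issues:
        print("REVIEW:", issue)
```

The ceiling is a review policy choice, not a SharePoint setting; pass a different `max_app_only_right` to match your own baseline.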


References

https://msdn.microsoft.com/en-us/library/office/fp179892.aspx

Summary

In this post we have explored the 3 types of App Authorization Policies.
