Tuesday, August 05, 2014

REST API SharePoint App Permission - Part 2

Continuation of my first part


REST API - SharePoint App - Part 1

& MERGE

Here we learn how to set the permission for the SharePoint app in the specific scope.
When you tried to execute the code from part 1,you'll get the "Access denied error" or forbidden error in your Response header.

Because of our app doesn't have permission to access the list in the SharePoint.

Brief about "SharePoint App Permission" in simple words,

SharePoint App need to have permission to write or read in the SharePoint Site even though currently logged in user having site collection administrator.

This is an another security layer introduced in app deployment.

Its an analogue to mobile app installation on your devices,before installing them you need grant the access to your storage,location and some time reading your contacts in phone list.

An app for SharePoint has its own identity and is associated with a security principal, called an app principal.
When you granting permission to your sharepoint app through GUI, your AppManifest.xml file will be updated the below scope URI in the "AppPermissionRequests"

//Site collection Permission
http://sharepoint/content/sitecollection
//Subsite permission
http://sharepoint/content/sitecollection/web
//List permission
http://sharepoint/content/sitecollection/web/list
Tenant permission
http://sharepoint/content/tenant

App Permissions are
Read
Write
Manage
FullControl