Office 365 Enterprise Preview – Permissions on list type in an app

4 Sep

When developing an app for SharePoint permissions can be set on items in the host web, such as access to lists. The host web is the website to which an app for SharePoint is installed.

An app for SharePoint has its own identity and is associated with a security principal, called an app principal. Like users and groups, an app principal has certain permissions and rights. The app principal has full control rights to the app web so it only needs to request permissions to SharePoint resources in the host web or other locations outside the app web.

Using Microsoft Napa Office 365 Developer Tools these permissions can be set in the properties of the app using some kind of slider.

After installing the app this is the result:

The user can select one list out of all available lists the user has access to.

A better approach would be to help the user pick a specific (kind of) list, not letting the user pick from all lists in the web. This can be accomplished by editing the AppManifest in Visual Studio through a nice looking designer:

At the Permission requests section the column Properties a BaseTemplateId can be filled in to filter the lists the user can choose from. The BaseTemplateId is the numerical equivalent of the list base template, for example 100 represents a generic list, 101 a document library.

In xml this looks like:

  <AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" >
      <Property Name="BaseTemplateId" Value="101" />
    </AppPermissionRequest>
  </AppPermissionRequests>

This results in the following list:

It looks like multiple properties can be defined, and you can:

but an additional BaseTemplateId won’t recognized and the filter of list types isn’t amended to the property settings.

You aren’t able to add another List scoped permission request in the designer, other scoped items can be added, also once per AppManifest.

The xml can be amended with another List scoped permission request, but only the first one defined is active.

One gotcha: Once the app is installed and permissions link is selected there is no possibility to view the list its current permission setting. The first list in the dropdown is selected…

For example Trust library Site Assets:

Request permissions of the app:

And the first library is selected… hope Microsoft is going to fix this one…

Disclaimer: SharePoint 2013 is in preview at time of this writing, so things may change between now and release date.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.