Forum Discussion
Why would a third party tool ask for permission to be able to add document libraries inside the site
We want to install a new app named "DocuSign" from the sharepoint store, but when i try to add the app i got this permission message:-
now the tool is used to secure/sign documents inside existing docuemnt libraries, so i am not sure why it would require permissions to create/delete document libraries? although when i add the tool to our test tenant, the tool did not create nor delete any document library. but the permission message made be worried, if we should install the tool to our live tenant!! can anyone advice on this? and is it a normal behavioure for third party tools to ask for such permissions?
7 Replies
- When you develop an Add-in, you have to configure required permissions as described here: https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint so if you want to know the specific reason why docusing
jcgonzalezmartin wrote:
When you develop an Add-in, you have to configure required permissions as described here: https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint so if you want to know the specific reason why docusingjcgonzalezmartin i did not develop this app.. this is a 3rd party app that i added from the sharepoint store..
- I know you did not develop the Add-In...I was just explaining how permissions work in SPO Add-ins. Since this is a third party Add-in, you should ask the maker why those permissions are required for the Add-in
Agreed, those permissions do seem rather overarching and far-reaching but I'd guess it's to do with the way this app integrates into SPO and it's necessitated with how it ties together with the added functionality. Those permissions may only be used to initialize the add-in and not used in normal operation, you'd have to get the vendor to explain for sure though!
Cian Allner wrote:Agreed, those permissions do seem rather overarching and far-reaching but I'd guess it's to do with the way this app integrates into SPO and it's necessitated with how it ties together with the added functionality. Those permissions may only be used to initialize the add-in and not used in normal operation, you'd have to get the vendor to explain for sure though!
ok thanks for the reply. so you mean end users who can use the Docusign app, will NOT be able to benefit from these "Extra" permissions to do actions they are not allow to do, such as add/delete document libraries? is this correct? for example a user with contribute permission, can use the DocuSign app, but at the same time the user can not use the app to add/delete document library ??
I think you are on the right track, doing your due diligence and asking the vendor to explain how permissions are used but almost certainly users will not get extra permissions like those listed in the screenshot as you have asked. That would certainly be a big flaw otherwise! I am relatively certain those permissions are just used internally, behind the scenes to add the integration in the first place but getting confirmation is a good idea.
