Forum Discussion
Solved
Full control app permission on one site works on Lists, but partially fails on another (same tenant)
Scenario:
We have a working InTapp application registered in Azure with an application ID and secret key, that Read/Writes/Updates Lists on a SharePoint Online site. However, when we attempt to use it on another site on the same tenant, it will return the metadata of the list, but will fail to return any information the list items. It's registered on both SPO sites with full control (via _layouts/15/AppInv.aspx)
App Permission
SAMPLESITE-WORKS (working):
Method: GET
URL: https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-WORKS/_api/web/lists/GetByTitle('ListOfPeople')
RESULT:
{"d":{"__metadata":{"id":"https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-WORKS/_api/Web/Lists(guid'b6dc17ea-e805-495a-9610-cf29e14cb000')","uri":"https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-WORKS/_api/Web/Lists(guid'b6dc17ea...
Method: GET
URL: https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-WORKS/_api/web/lists/GetByTitle('ListOfPeople')/items
RESULT:
{"d":{"results":[{"__metadata":{"id":"23df63b0-b494-44d3-a6b3-0c16ff531cbd","uri":"https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-WORKS/_api/Web/Lists(guid'b6dc17ea...
SAMPLESITE-DOES-NOT-WORK (not completely working):
Method: GET
URL: https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-DOES-NOT-WORK/_api/web/lists/GetByTitle('ListOfPeople')
RESULT:
{"d":{"__metadata":{"id":"https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-DOES-NOT-WORK/_api/Web/Lists(guid'28ffc036-b111-4c74-8921-2644b4bde1d9')","uri":"https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-DOES-NOT-WORK/_api/Web/Lists(guid'28ffc036...
Method: GET
URL: https://SAMPLEDOMAIN.sharepoint.com/sites/SAMPLESITE-DOES-NOT-WORK/_api/lists/GetByTitle('ListOfPeople')/items
RESULT:
{"d":{"results":[]}}
Do any of you have an idea why the "/items" end point would fail? Thanks in advance.
IshtarOnline - Thanks for taking a stab at it. Sorry for the delay in responding. Actually, it something insanely dumb. On our site - in the permissions XML, we created is as:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequestScope="https://SAMPLESITE.sharepoint.com/sites/SAMPLE"
Right="FullControl" />
</AppPermissionRequests>We misinterpreted the documentation, replacing the scope with OUR site, which was wrong. So it really was as it was written in the documentation.
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequestScope="http://sharepoint/content/sitecollection"
Right="FullControl" />
</AppPermissionRequests>There are times that it is fine to just copy and paste the documentation. Hope this post helps others. Thanks!
Noel_Suarez It seems to me your call is successfull but does not retrieve any items. This can be either because there simply are no items, or maybe because permissions on the listitems are broken and the app has no inherited permissions on the libraries items.
Maybe try using /items?select=*
Standard everything should be returned, but maybe you have a specific filter already there?IshtarOnline - Thanks for taking a stab at it. Sorry for the delay in responding. Actually, it something insanely dumb. On our site - in the permissions XML, we created is as:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequestScope="https://SAMPLESITE.sharepoint.com/sites/SAMPLE"
Right="FullControl" />
</AppPermissionRequests>We misinterpreted the documentation, replacing the scope with OUR site, which was wrong. So it really was as it was written in the documentation.
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequestScope="http://sharepoint/content/sitecollection"
Right="FullControl" />
</AppPermissionRequests>There are times that it is fine to just copy and paste the documentation. Hope this post helps others. Thanks!
