Site Collection App Catalog - External Users


Hi,

 

We are trying to have dev, test and prod site collections all on a single tenancy, but find that deploying a new version of an app is used by all site collections (even if you don't go to that site collection and specifically "get" the new app version).

 

A possible way around this would be to use Site Collection app catalogs - and then go through a release to each site collection's catalog in order to progress through the Dev, Test, Prod environments.

 

However (as indicated in the comments of this post https://docs.microsoft.com/en-us/sharepoint/dev/general-development/site-collection-app-catalog) external users on a site with a site coll app cat get the error message: "The current user does not have the permission to access the App Catalog."

 

My test external user definitely has read access to the "Apps for SharePoint" list on the site collection. Is there something else I need to do to avoid this error?

 

Thanks

 

Nigel

 

 

2 Replies

Hi Nigel,

 

I would also like to have the set-up you describe, with separate environments running separate versions of the code, but have had the same problem that External Users see an error message when viewing a page with an SPFx WebPart.

 

I believe I now have this working in a development tenancy.  I enabled external sharing for the tenant App Catalog and added "Everyone" to the Visitors group.  I can now see the page with the SPFx WebPart.

 

I followed the steps below to reproduce the problem:

 

  1. Created a new Site Collection and enabled external sharing
  2. Configured the Site Collection to have its own App Catalog
  3. Uploaded an SPFx App into the App Catalog
  4. Added the App to my Site
  5. Created a Site Page and added the SPFx WebPart
  6. Shared the Site with an external user

When I logged-in to the Site as the external user, I saw the error message you describe.

 

I checked the tenant App Catalog and noticed that the Everyone except External Users group has Read permissions but the Everyone group has no permissions.  I enabled external sharing for the tenant App Catalog (I selected the "Allow sharing only with the external users that already exist in your organization's directory" option) and added the Everyone group to the Visitors group.  When I logged-in as the external user, I was able to view the page and the SPFx WebPart.

 

The problem seems to be with the permissions on the tenant App Catalog, not the site App Catalog.  I will try making the permissions more restrictive, as allowing Everyone access is not ideal.  In my case, I can just share with the specific external users who need to use the WebParts.

 

Regards,

 

David Preston

Hey David - thanks for the reply. Thought I would test it out, this is the process I followed:

 

  • login to site, create blank modern page (no web parts)
  • access blank page with external user - access successful
  • add a text web part to the page
  • access blank page with external user - access successful
  • add a custom web part that is in the tenancy's app catalog
  • access blank page with external user - access successful
  • add a custom web part that is in the site coll app catalog
  • access blank page with external user - access FAIL
  • remove custom web part that is in the site coll app catalog
  • access blank page with external user - access successful

Ok - so it is when there is a web part from the local site collection's app catalog that is causing the issue.

  • check the external user has read access to the local catalog - true
  • give "Everyone" read access to the tenancy's app catalog
  • access blank page with external user - access successful
  • add a custom web part that is in the site coll app catalog
  • access blank page with external user - access FAIL
  • open the tenancy's app catalog site for sharing to anonymous users
  • confirm my external user can access the app catalog site
  • add a custom web part that is in the site coll app catalog
  • access blank page with external user - access PASS

WOW!!!

 

So it seems for an external user to access a page that includes a web part from an app deployed to the Site Collection App Catalog, that external user must have specifically been given permissions to access the tenancy's app catalog - i.e. the tenancy's app catalog site must be shared to them so that they have read access.

 

HOWEVER

 

This level of access is not required for external users to run a page containing a webpart in the tenancy's app catalog

 

?!?!?

 

Bit weird - but I guess there is a path forward, even if it is not a great one

 

Thanks for the info David
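
The thread's workaround involves granting "Everyone" read access on the tenant App Catalog, which David notes is not ideal. The following is an added example, not part of either post: a PowerShell check that flags the broad "Everyone" and "Everyone except external users" claims in an App Catalog site's groups. It assumes group objects shaped like the output of the SharePoint Online Management Shell's `Get-SPOSiteGroup` (Title, Roles, Users holding login names); the function name, group titles and sample accounts are constructed for illustration.

```powershell
# Added example: flag tenant-wide claims in the groups of an App Catalog site.
# Well-known SharePoint Online claim login names (matched by prefix).
$BroadClaims = [ordered]@{
    'c:0(.s|true'                            = 'Everyone'
    'c:0-.f|rolemanager|spo-grid-all-users/' = 'Everyone except external users'
}

# Hypothetical helper: returns one row per broad claim found in a group.
function Find-BroadCatalogGrant {
    param(
        [Parameter(Mandatory)] [object[]] $SiteGroup
    )
    foreach ($group in $SiteGroup) {
        foreach ($login in $group.Users) {
            foreach ($prefix in $BroadClaims.Keys) {
                if ($login.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
                    [pscustomobject]@{
                        Group                 = $group.Title
                        Roles                 = $group.Roles -join ', '
                        Principal             = $BroadClaims[$prefix]
                        # Only the plain "Everyone" claim covers guests.
                        IncludesExternalUsers = ($BroadClaims[$prefix] -eq 'Everyone')
                    }
                }
            }
        }
    }
}

# Constructed sample input (assumed shape of Get-SPOSiteGroup output).
$sample = @(
    [pscustomobject]@{
        Title = 'App Catalog Visitors'; Roles = @('Read')
        Users = @('c:0(.s|true',
                  'c:0-.f|rolemanager|spo-grid-all-users/00000000-0000-0000-0000-000000000000')
    }
    [pscustomobject]@{
        Title = 'App Catalog Owners'; Roles = @('Full Control')
        Users = @('i:0#.f|membership|admin@contoso.example')
    }
)

Find-BroadCatalogGrant -SiteGroup $sample | Format-Table -AutoSize

# Against a live tenant (after Connect-SPOService), with $catalogUrl set to
# the tenant App Catalog site URL:
#   Find-BroadCatalogGrant -SiteGroup (Get-SPOSiteGroup -Site $catalogUrl)
#   (Get-SPOSite -Identity $catalogUrl).SharingCapability
```

A row with `IncludesExternalUsers` set to true on the tenant App Catalog corresponds to the "Everyone" grant described above; sharing the catalog site with only the specific external users who need the web parts would leave no such row.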