Best practices for making Add-in available for limited number of site collections

Copper Contributor

I have scenario with a SPO environment that consists of hundreds of team and project site collections built from company standard templates. We’ve made a few add-ins available to the standard sites via the App catalog. We also have a few cases where we want to build custom sites which we consider to be LOBs. For some of these, provider hosted add-ins are needed but we don’t want do deploy these apps in the App catalog and make them available to all standard site collections. (Don’t want the app to appear in “Apps you can add” on standard sites)

 

Is it possible to limit the availability of apps to single or a few site collections? Break inheritance on the list items in the app catalog? Skip the app catalog and manually install via side loading even if it's only recommended for dev/test? Using the “enabled” property on items in the catalog to just make it available a short time, then when installed in the correct site uncheck “enabled”? What’s the best way to solve this?

 

 

Some notes around this from PnP

2 Replies

I have not found a way to limit where apps can be installed if they are in the app catalog. However, I have limited who can see them in site collections by changing the permissions of the app in the app catalog itself. We do this for similar reasons where we have apps we don't want installed on any other site collection.

 

  1. Setup people in a SharePoint permission group in the App Catalog you are allowing to install apps in site collections.
  2. Add the app to the app catalog. In the Apps for SharePoint library, select the app in question.
  3. Using the ribbon, select Shared with > Advanced. Then choose Stop Inheriting Permissions.
  4. Remove the Everyone group and any other SharePoint permission groups you do not want to see the app.

 

Hi,

 

We had the same need and had the same problem. So applied one dirty workaround which is

- Installed and deployed (tenant scope) the provider hosted add-in in app catalog for team site template. We deployed at tenant scope because we wanted that add-in available by default in new site collections so that user does not have to install it but limited to team site collection template.

- in site creation process, set one property in web property bag to SiteType X for e.g. in your case property value could be LoB

- in same site creation process, embed JS (JS injection through custom action) which will read the property value and if property value = LoB, then it will show the add-in on site contents page otherwise by default this add-in will be hidden

- in Romote web code of add-in, we have implemented the logic so that in case by some reason user is able to reach the add-in URL with proper token in a site collection where it should be hidden, which will check the site property bag again before loading the default page of the add-in. If property value is not set to LoB, it will show the error page.

 

Since it was critical for us to implement this, so this was the quick workaround which was implemented.

 

- Prashant.