cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Setting SharePoint Online permissions using SPFX and it's limitations

Cardinal_Night
Brass Contributor

‎Jan 28 2021 02:23 AM - edited ‎Jan 29 2021 12:55 AM

‎Jan 28 2021 02:23 AM - edited ‎Jan 29 2021 12:55 AM

Setting SharePoint Online permissions using SPFX and it's limitations

I've been developing SPFX webparts and come up against an issue when trying to set permissions. I knew that a user without Full Control permissions, cannot change permissions on a securable (SPO list item or file). This I foolishly realised, after many weeks of developing using the SPFX workbench, only to deploy a version to a real site, sign in as a user without Full Control, attempt to create a list item or file only for it to give back 403 errors, forbidden or access denied when the item is created and the pnp/sp kicks in (for e.g.):

 

 

 

 

 

 const ReadroleDefinition = await sp.web.roleDefinitions.getByName("Read").get();
                    await sp.web.lists.getByTitle('Attachments').items.getById(theId).breakRoleInheritance(true, true);
 
                    if(DeptContact){
                    await sp.web.lists.getByTitle('Attachments').items.getById(theId).roleAssignments.add(DeptContact, ReadroleDefinition.Id);
                     }

 

 

 

 

 



I elevated the users permissions incrementally, from Contribute, to Edit, to Design, none worked until finally I increased it to Full Control. This allowed the user to work with the form as normal. 

 

The big problem this caused though was that user had full control. Which for the customer was far too much power! 
My question:

Is there a way to create a webpart/extension using pnp/sp that can change permissions on an item/file without the user needing Full Control?

 

 

Labels:
2,627 Views
0 Likes
0 Replies
Reply
0 Replies