May 02 2022 12:48 PM
Hi,
I am writing an application that has the following features: create/modify/delete sites, (un)assign user permissions, upload and deploy webparts, allow sharing sites/documents with externals (guests).
This is all tested and possible with my application, but my application is using "SharePoint Admin" permissions to accomplish this. This is way too much and I am in search of permissions/roles that are within the above-mentioned scope.
I have looked into providing "site collection admin" but a site collection setup does not provide enough flexibility in assigning permissions to users to the sites and also it is only for predefined, pre-created sites while my application needs to be able to create several different sites.
So far this is the main goal.
Having said that, the second goal is to add boundaries to this permission so that it will not have permission outside certain sites. The URLs of these sites will be predefined before they are created.
I have tried to accomplish this with:
The limitations of this last point are described in the following article:
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly
I hope that someone can help me find the correct way of accomplishing this, as I am certain I have overlooked something.