01-28-2018 09:28 PM
01-28-2018 09:28 PM
We are trying to have dev, test and prod site collections all on a single tenancy, but find that deplying a new version of an app is used by all site collections (even if you dont go to that site collection and specifically "get" the new app version).
A possible away around this would be to use Site Collection app catalogs - and then go through a release to each site collection's catalog in order to progress through the Dev, Test, Prod environments.
However (as indicated in the comments of this post https://docs.microsoft.com/en-us/sharepoint/dev/general-development/site-collection-app-catalog) external user's on a site with a site coll app cat get the error message: "The current user does not have the permission to access the App Catalog."
My test external user definitely has read access to the "Apps for SharePoint" list on the site collection, Is there something else I need to do to avoid this error?
02-08-2018 05:14 AM
I would also like to have the set-up you describe, with separate environments running separate versions of the code, but have had the same problem that External Users see an error message when viewing a page with an SPFx WebPart.
I believe I now have this working in a development tenancy. I enabled external sharing for the tenant App Catalog and added "Everyone" to the Visitors group. I can now see the page with the SPFx WebPart.
I followed the steps below to reproduce the problem:
When I logged-in to the Site as the external user, I saw the error message you describe.
I checked the tenant App Catalog and noticed that the Everyone except External Users group has Read permissions but the Everyone group has no permissions. I enabled external sharing for the tenant App Catalog (I selected the "Allow sharing only with the external users that already exist in your organization's directory" option) and added the Everyone group to the Visitors group. When I logged-in as the external user, I was able to view the page and the SPFx WebPart.
The problem seems to be with the permissions on the tenant App Catalog, not the site App Catalog. I will try making the permissions more restrictive, as allowing Everyone access is not ideal. In my case, I can just share with the specific external users who need to use the WebParts.
02-08-2018 02:50 PM
Hey David - thanks for the reply. Thought I would test it out, this is the process I followed:
Ok - so it is when there is a web part from the local site collection's app catalog that is causing the issue
So it seems for an external user to access a page that includes a web part from an app deplyed to the Site Collection App Catalog, that external user must have specifcally been given permissions to access the tenancies app catalog - i.e. the tenancies app catalog site must be shared to them so that they have read access.
This level of access is not required for external users to run a page containing a webpart in the tenancies app catalog
Bit weird - but I guess there is a path forward, even if it is not a great one
Thanks for the info David