What is the minimum permissions required to use UserProfileService web service?

%3CLINGO-SUB%20id%3D%22lingo-sub-743059%22%20slang%3D%22en-US%22%3EWhat%20is%20the%20minimum%20permissions%20required%20to%20use%20UserProfileService%20web%20service%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-743059%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20is%20the%20minimum%20required%20permissions%20to%20use%26nbsp%3BUserProfileService%20web%20service%26nbsp%3Bwith%20the%20call%20to%20a%20method%20%E2%80%9CGetUserPropertyByAccountName%E2%80%9D%20to%20retrieve%20property%20called%20%E2%80%9CPersonalSpace%E2%80%9D%3F%20It%20does%20work%20with%20full%20SharePoint%20Admin%20role%2C%20but%20i%20would%20like%20minimize%20this%20requirement%20for%20the%20obvious%20reasons.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-751972%22%20slang%3D%22en-US%22%3ERe%3A%20What%20is%20the%20minimum%20permissions%20required%20to%20use%20UserProfileService%20web%20service%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-751972%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F372856%22%20target%3D%22_blank%22%3E%40Art_Kelenzon%3C%2FA%3EI'm%20not%20100%25%20sure%20but%20SharePoint%20has%20a%20permission%20called%20%22Use%20Remote%20Interfaces%22.%20This%20permission%20also%20requires%20a%20user%20to%20have%20the%20%22Open%20Site%22%20permission.%20The%20minimum%20permissions%20required%20would%20involve%20to%20create%20a%20permission%20level%20with%20these%202%20permissions%20on%20the%20site%20through%20which%20you're%20calling%20the%20web%20services.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20default%20%22Read%22%20permission%20level%20also%20consists%20of%20these%202%20permission%20so%20you%20might%20use%20that%20one%20as%20well%20but%20then%20you'd%20have%20more%20permissions%20than%20the%20minimum%20required.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-757280%22%20slang%3D%22en-US%22%3ERe%3A%20What%20is%20the%20minimum%20permissions%20required%20to%20use%20UserProfileService%20web%20service%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-757280%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1803%22%20target%3D%22_blank%22%3E%40Paul%20Pascha%3C%2FA%3E%2C%26nbsp%3Bthanks%20for%20your%20reply.%20Can%20this%20be%20done%20on%20the%20tenant%20level%20so%20any%20existing%20as%20well%20as%20any%20new%20SharePoint%20sites%20are%20accessible.%20And%20where%20exactly%20in%20SharePoint%2FOffice365%20can%20we%20set%20such%20permissions%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-757670%22%20slang%3D%22en-US%22%3ERe%3A%20What%20is%20the%20minimum%20permissions%20required%20to%20use%20UserProfileService%20web%20service%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-757670%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F372856%22%20target%3D%22_blank%22%3E%40Art_Kelenzon%3C%2FA%3E%2C%20SharePoint%20permissions%20exist%20on%20the%20site%20collection%20level.%20Calling%20SharePoint's%20web%20services%20is%20(AFAIK)%20always%20done%20in%20the%20context%20of%20a%20certain%20site%20collection%20so%20that%20would%20be%20the%20site%20where%20you%20need%20to%20grant%20these%20permissions.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20know%20of%20any%20way%20to%20control%20these%20permissions%20more%20centrally%20at%20the%20tenant%20or%20farm%20level.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDepending%20on%20what%20solution%20you%20are%20using%20for%20%22Site%20Provisioning%22%20you%20could%20maybe%20incorporate%20some%20logic%20to%20add%20the%20user%20with%20required%20permissions%20for%20any%20existing%20site%20as%20well%20as%20new%20ones.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

What is the minimum required permissions to use UserProfileService web service with the call to a method “GetUserPropertyByAccountName” to retrieve property called “PersonalSpace”? It does work with full SharePoint Admin role, but i would like minimize this requirement for the obvious reasons.

3 Replies
Highlighted

@Art_KelenzonI'm not 100% sure but SharePoint has a permission called "Use Remote Interfaces". This permission also requires a user to have the "Open Site" permission. The minimum permissions required would involve to create a permission level with these 2 permissions on the site through which you're calling the web services.

 

The default "Read" permission level also consists of these 2 permission so you might use that one as well but then you'd have more permissions than the minimum required.

Highlighted

Hi @Paul Pascha, thanks for your reply. Can this be done on the tenant level so any existing as well as any new SharePoint sites are accessible. And where exactly in SharePoint/Office365 can we set such permissions?

Highlighted

Hi @Art_Kelenzon, SharePoint permissions exist on the site collection level. Calling SharePoint's web services is (AFAIK) always done in the context of a certain site collection so that would be the site where you need to grant these permissions.

 

I don't know of any way to control these permissions more centrally at the tenant or farm level.

 

Depending on what solution you are using for "Site Provisioning" you could maybe incorporate some logic to add the user with required permissions for any existing site as well as new ones.