cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Need Clarification regarding Permission Scope XML 'AllowAppOnlyPolicy="true"'

berserkersap
Copper Contributor

‎May 24 2022 12:32 AM - edited ‎May 24 2022 02:18 AM

‎May 24 2022 12:32 AM - edited ‎May 24 2022 02:18 AM

Need Clarification regarding Permission Scope XML 'AllowAppOnlyPolicy="true"'

Hello Everyone,

I am working on copying sharepoint files to blob via ADF through this Microsoft Doc.

Now this doc says (for giving service principal / app access to sharepoint site)

For Site Owner permission use

 

<AppPermissionRequests>
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
</AppPermissionRequests>

 

For Site Admin permission use

 

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
</AppPermissionRequests>

 

Is this correct ?

As

The only difference between these two is 'AllowAppOnlyPolicy="true"'

 

According to another Microsoft Doc.

The reason we use  'AllowAppOnlyPolicy="true"' is so that the app works even when the user doesn't have access to sharepoint.

 

Our team was using the Site Owner XML to follow the least privilege principle but is unable to get data.[HttpFileFailedToRead , remote server returned an error : 403 forbidden error]

But if 'AllowAppOnlyPolicy="true"' will not give site admin role then we will use it [as our team do not have access to sharepoint].

We are cautious as the SPO site has some restricted content.

 

In short, I want to know what 'AllowAppOnlyPolicy="true"' does. Will it give site admin role or something else ?

 

berserkersap_0-1653383830642.pngberserkersap_1-1653383863407.png

 

 

 

Thank You

827 Views
0 Likes
0 Replies
Reply
0 Replies