Sharepoint Online App Catalog unique permissions

%3CLINGO-SUB%20id%3D%22lingo-sub-2823147%22%20slang%3D%22en-US%22%3ESharepoint%20Online%20App%20Catalog%20unique%20permissions%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2823147%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3Ein%20Sharepoint%20Online%20I%20have%20an%20app%20catalog%20with%20several%20apps.%20One%20of%20them%20is%20an%20application%20customizer%20which%20creates%20a%20horizontal%20navigation%20bar%20on%20all%20sites%20in%20the%20tenant.%3C%2FP%3E%3CP%3EUntil%20a%20few%20days%20ago%2C%20the%20app%20catalog%20was%20not%20accessible%20to%20guest%20users.%20I%20then%20changed%20that%20by%20adding%20an%20azure%20active%20directory%20group%20containing%20certain%20guest%20users%20with%20read%20permissions%20to%20the%20app%20catalog.%3C%2FP%3E%3CP%3EThis%20worked%20fine.%3C%2FP%3E%3CP%3ENow%20i%20need%20to%20refine%20these%20permissions%20so%20that%20the%20azure%20active%20directory%20group%20can%20use%20all%20apps%20in%20the%20app%20catalog%20except%20the%20one%20for%20the%20menu.%3C%2FP%3E%3CP%3ESo%20i%20broke%20the%20permission%20inheritance%20on%20the%20.sspkg%20file%2C%20the%20related%20folder%20under%20%2FClientSideAssets%20and%20the%20files%20under%20%2FTenantWideExtensions%20and%20removed%20the%20groups%20read%20permissions%20to%20these%20files.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20problem%20is%2C%20after%201%20day%20has%20passed%2C%20the%20users%20in%20this%20group%20have%20still%20access%20to%20the%20menu%20(i.e.%20they%20still%20see%20the%20menu).%20Even%20new%20users%20added%20to%20the%20group%20can%20see%20the%20menu.%3C%2FP%3E%3CP%3EI%20then%20removed%20the%20entire%20group%20from%20the%20app%20catalog%20site%2C%20even%20from%20the%20user%20list%2C%20but%20without%20any%20success.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20i%2C%20without%20modifying%20the%20app%2C%20remove%20access%20to%20it%2C%20whilst%20keeping%20access%20to%20all%20other%20apps%20for%20a%20limited%20group%20of%20users%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20is%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2823147%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hello, 

in Sharepoint Online I have an app catalog with several apps. One of them is an application customizer which creates a horizontal navigation bar on all sites in the tenant.

Until a few days ago, the app catalog was not accessible to guest users. I then changed that by adding an azure active directory group containing certain guest users with read permissions to the app catalog.

This worked fine.

Now i need to refine these permissions so that the azure active directory group can use all apps in the app catalog except the one for the menu.

So i broke the permission inheritance on the .sspkg file, the related folder under /ClientSideAssets and the files under /TenantWideExtensions and removed the groups read permissions to these files.

 

The problem is, after 1 day has passed, the users in this group have still access to the menu (i.e. they still see the menu). Even new users added to the group can see the menu.

I then removed the entire group from the app catalog site, even from the user list, but without any success. 

 

How can i, without modifying the app, remove access to it, whilst keeping access to all other apps for a limited group of users?

 

Any help is appreciated.

0 Replies