Sharepoint permissions/roles
Hi, I am writing an application that has the following features create/modify/delete sites, (un)assign user permissions, upload and deploy webparts, allow sharing sites/documents with externals (guests). This is all tested and possible with my application but my applications is using "Sharepoint Admin" permissions to accomplish this. This is way to much and I am in search of permissions/roles that are within the above mentioned scope. I have looked into providing "site collection admin" but a site collection setup does not provide enough flexibility in assigning permissions to users to the sites and also it is only for predefined, pre-created sites while my application needs to be able to create several different sites. So far this is the main goal. Having sad that second goal is to add boundaries to this permission so that it will not have permission outside certain sites. The URL of these sites will be predefined and before they are created. I have tried to accomplish this with: AAD user with Sharepoint permissions but could not find anything better then "Sharepoint admin". Which has as mentioned before to much permissions. Sharepoint Add-in but could not find anyway of setting the permissions to the above mentioned permission scope. Azure App registration with ClientSecret or certificate but this way the allowed permissions by Azure are inadequate. The limitations of this last point is described in the following article, https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly I hope that someone can help me find the correct way of accomplish this, as I am certain I have overlooked something.
How to disable/remove the Export to Excel/Power Apps/Flow buttons from a Sharepoint online list
I'm looking for a way to disable/remove the Export to Excel/Power Apps/Flow buttons from a Sharepoint online list, this is so users with read only permissions are not able to access those features. Even removing the Ribbon altogether for read only users would be a solution, switching to the Classic view removes the PowerApps and Flow buttons but users are still able to Export to Excel, any help would be appreciated.
SharePoint Request Access
Hi Reader, I'm having team site, with below settings even I configured as shown above. site owners aren't getting access requests except me(who created the site). even i tried adding the users to Site Collection admins but no luck. am i missing any configuration settings here ? how can all the site admins can receive the access requests ?
PowerAutomate minimal permission requirements
HI All, What are the minimal SharePoint permission requirements to allow a user to trigger a "for selected file" Flow? I've inherited a library that has multiple folders, each with unique permissions - some people are allowed to view all documents, some are restricted as per the folders, there are also editors with the same restrictions. What I need is for the Editors to be able to manually trigger a Flow that assigns others edit access to a single, selected file, these assignee's should also then be able to manually trigger a submit Flow. The problem i have, is that i can't work out the permissions required to allow the asignees to manually trigger the workflow without giving them Edit access to the entire library. Cheers RobMicrosoft Look Book template deployment
I don't know if this is the right forum for this but I have just learned that, while the LookBook website indicates that only tenant admins are to be able to create sites using the templates, an E3 licensed user with no admin roles just created his own Comm site without any issue or assistance and I, as the SharePoint and TEAMS administrator had no idea he did so. Our company has strict rules about who can create along with naming conventions, etc. to follow when creating and he was able to bypass ALL of it. I'm not faulting the user, I am faulting Microsoft's verbiage and/or security. Either the website is erroneous when it says only admins can create/use the templated or there is a security/management breach going on for this. I am VERY concerned at what this means for our company: it will be Pandora's Box is a blink of an eye. Please, would someone please explain what is going on and how I can stop this from being something anyone in my tenant can do? QUICK!
SharePoint 2010 item permissions workflow - getting user from look-up list
On SharePoint Online I have a 2010 workflow with an Impersonation Step to Replace permissions of the current item so only the person who created it and also the Administrator for the corresponding region can see it. Presently the Administrator is hard-coded in the workflow, looking up from the main company directory on Exchange. The Region is a choice column on the list the workflow is running on. Whenever a regional Admin changes - or additional ones are added - the workflow will need to be adjusted so the permissions are changed (person removed or new ones added). My question is: **How would I use a Lookup list** with Region and the corresponding Admin so the workflow can look at that instead of the names being hard-coded on the w/f? This will be a better interface, so the admin team can change admin roles from a list themselves rather than having IT to change the workflow each time. Thanks!SharePoint Groups: Help Me Understand
Modern SharePoint allows you to add users via Sharing, which doesn't add users to the old "advanced" permission groups. Then I noticed that in the "advanced permission" groups, that there is a group within a group. I can't look at the people inside of the second "Human Resources Members" group but I suspect that it is a list of the people with whom the site has been shared. Can someone confirm that? What would happen if I deleted the second, nested "Human Resources Members"? Any help to understand this would be appreciated.
