Before defining the App-Only policy, let us briefly discuss a scenario that shows what we want to achieve with it.
Say you have a requirement where the user must write something to a list, but the user does not have Contribute permissions on that list; the user has only Read access. How do you handle such a scenario? You might think of the RunWithElevatedPrivileges API, but it won't work here because we are talking about SharePoint Online. So the question is how to accomplish this.
The answer is the App-Only policy.
To explain what the App-Only policy is, let us first look at the different app authorization policy types.
SharePoint provides three app authorization policy types:
- User-Only Policy
- User+App Policy
- App-Only Policy
User-Only Policy – In User-Only policy, SharePoint checks only the permission of the user.
User+App Policy – In User+App Policy, SharePoint checks the permissions of both the user and the app principal. Authorization succeeds only if both the user and the app have permission to perform the desired action.
App-Only Policy – In the App-Only Policy, SharePoint checks only the permissions of the app principal. Authorization checks succeed if the app has the permission required to perform the action, irrespective of the permissions of the current user.
Having said that, it is clear that the App-Only policy is very helpful in scenarios where we do not want to give users permission to access resources directly but do want them to perform some actions that their own permission levels do not allow. In such scenarios we develop apps with the App-Only policy.
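For the list-write scenario above, this is how an add-in asks for the App-Only policy in its AppManifest.xml. It is an added example, not part of the original post; the choice of a list-scoped Write request is an assumption made to match the scenario.

```xml
<!-- AppManifest.xml fragment (added example; scope and right chosen for the list-write scenario). -->
<!-- AllowAppOnlyPolicy="true" lets the add-in obtain app-only tokens, so SharePoint
     evaluates only the app principal's permissions, not the current user's. -->
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <!-- Scoped request: Write on a single list chosen at consent time. -->
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list"
                        Right="Write" />

  <!-- Over-broad alternative to avoid for this scenario: under app-only, every
       caller of the add-in would act with this right across the tenant.
  <AppPermissionRequest Scope="http://sharepoint/content/tenant"
                        Right="FullControl" />
  -->
</AppPermissionRequests>
```

Because SharePoint no longer checks the user's permissions on an app-only call, the add-in's own code has to decide which users may trigger the write and what they may write.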