Article 25 from 30 : App permissions – II

This post is article 25 from the 30 Articles App series for SharePoint

In this article, I will discuss more on scope and a few examples for app permissions.

an app can have these rights : Read , Write, Manage, FullControl. These rights correspond to the default permission levels: Reader, Contributor, Designer, and Full Control. For more information about user permission levels, see User permissions and permission levels.

Permission request scopes for other (other than sitecollection, website, list ) SharePoint features

Scope URI Available Rights More Info
http://sharepoint/bcs/connection Read Business Connectivity Services in SharePoint 2013
http://sharepoint/search QueryAsUserIgnoreAppPrincipal Search in SharePoint 2013
http://sharepoint/taxonomy Read, Write taxonomy
http://sharepoint/social/tenant Read, Write, Manage, FullControl  social
http://sharepoint/social/core Read, Write, Manage, FullControl  social
http://sharepoint/social/microfeed Read, Write, Manage, FullControl  social
http://sharepoint/projectserver Manage  projectserver
http://sharepoint/projectserver/projects Read, Write  projectserver
http://sharepoint/projectserver/projects/project Read, Write  projectserver
http://sharepoint/projectserver/enterpriseresources Read, Write  projectserver
http://sharepoint/projectserver/statusing SubmitStatus  projectserver
http://sharepoint/projectserver/reporting Read  projectserver
http://sharepoint/projectserver/workflow Elevate  projectserver

Only Read, Write, and Manage rights are allowed for Office Store apps. If you try to submit an app to the Office Store that requires FullControl rights, your app is blocked from submission. However apps that request more than Manage permissions can still be deployed through the app catalog.

Below are some example code for AppManifest file with different scope and rights of App permission

Request Read access to the web scope and the list scope.

  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read"/>

Request Write access to the list scope.

  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write"/>

The list permission request scope has an additional optional property. BaseTemplateId, and an integer value corresponding with a list base template, which filters the available lists down to the set of lists that match what is specified by the BaseTemplateId property.

<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write">
    <Property Name="BaseTemplateId" Value="101"/>

Request access to all user profiles. ( This app must be installed by a tenant administrator. )

<AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="Read">

Request user’s feed or the team feed. This scope applies to personal sites that support microblogging or to team sites where the Site Feed feature is activated. If the app installs on any other type of site, use the Tenant scope.

<AppPermissionRequest Scope="http://sharepoint/social/microfeed" Right="Read">


Hope that helps..!!