We're using a SharePoint online site as a backend repository for a web application. The web application has a UI to allow users to upload/download/view files using Graph API. That means the web application is registered as an Azure web application and is using users' delegated permission, so when a user uploads a file, we can see his/her username on the file at the SharePoint site.
Is there some way to disable users directly uploading files when they visit the SharePoint site and only allow the web site programmatically upload files on behalf of the user?
Using users' delegated permission means that you have implemented behalf of the user flow.
What you need currently is to disable users directly uploading files in SharePoint online site.
You have two options:
Hide the "Upload" button through CSS. But this method just hides an entry on the sharepoint website. In fact, users can still save a document directly from an Office Application to the Sharepoint library. I will not elaborate on it here.
The second method is to provide the user/group View Only Permission Level. You can see this post on StackExchange for details about how to restrict users to upload or add a new document by managing unique permission for your library.
Related
I am currently working on an SPFX Teams webpart and show custom SharePoint online document library views in Teams. I have created an iframe in webpart and able to show this.
However when the app is deployed in other domain Tenent the iframe does not loads. The users from other domain tenant as added as guest users in SharePoint. Is there a way to authenticate them. iT is a Modern SharePoint site so cannot edit Master Page.
Could you please check that you have granted permissions to the guest users in your tenant? Check this documenataion for further information.
This seems like a simple question but I'm struggling to find an answer anywhere. Help! ;-)
I'm trying to use Microsoft Graph to read SharePoint lists/libraries in a SharePoint site, however this is just for one site (for our department) amongst many on our SharePoint online. I've registered an Azure AD app (with secret etc...) and requested 'application' permissions for the Microsoft Graph ('Create, edit, and delete items and lists in all site collections') and its saying 'admin consent required' is 'yes' and its currently flagged as 'not granted for *****'.
My boss is now asking - with a worried tone ;-)
will this mean the app can basically read/write/delete on all sites in
the organisations SharePoint (not just our site) if our IT department
'consent'?
I said I don't know actually... I guess I'm not entirely clear on which permissions this is for, is it just to call the Microsoft Graph API or is it for this app to access SharePoint itself? I've searched for answers to this but I'm struggling to find anywhere that says anything about giving your app permissions in SharePoint, it all seems to be about getting permissions for the Microsoft Graph to access SharePoint.
I just want the app to have permissions to read/write lists/files in this one SharePoint site, not any others (we have loads of sites for other departments). I feel like we should be adding permissions for this app (its service principal?) somewhere on the SharePoint site we want to access, but what permissions do I need to setup and where so this app can only access this one site?
Azure AD app registration now allows for granular access to SharePoint site collection, there is a new option Sites.Selected under Azure AD App Registration - Request API Permissions - refer to https://developer.microsoft.com/en-us/graph/blogs/controlling-app-access-on-specific-sharepoint-site-collections/
Unfortunately, this feature is still missing. It is not possible to limit the permissions to only one SharePoint site. It's either access to all SharePoint sites in the organisation or none. Check out the user vote for more information: here. Microsoft is still working on providing a way to limit the access to specific resources.
I'm looking for a way to access the corresponding Microsoft Team and SharePoint site that is created from a custom website tab. So what I have is a custom website tab added to a Microsoft Teams site. This tab is a website tab and is pointing to the custom website app that I'm building.
What I want to do is from within the custom website I want to be able to access the corresponding SharePoint site that was created from the Microsoft Team and then I want to be able to use the SharePoint client object model to interact with the document library.
You'd have to have your tab / web app provide an auth flow, and ask your user to grant access to the Graph APIs, which can be used to access that content.
trying to share a file with external users via the API, our in-house app will upload the file to sharepoint, return the view only link and we can then send that link to external users avoiding emails etc.
Is this possible with .NET C#?
Yes, it is possible. with the SharePoint client object model, your application can: Upload the document to the document list, and set the permission for that item, then return the link to external user.
Is there any method available for sharepoint that can do the following:
Create an internet site suing wss3.0. login using fba. no need to login to edit documents from library that logged in user has access to.
change the password of a user from the site?
You can create an internet site using FBA under WSS 3.0. You will need the appropriate license, which I believe is called the "internet connector" license in the case of WSS. I'm not sure what you mean by "no need to login to edit documents from library that logged in user has access to." You can expose a document library to anonymous users even if authenticated users have specific privileges to it, if that's what you mean. You can write a custom web part that will allow administrators or users themselves to change user passwords from within the site.