I am working on SharePoint add-in. All works fine but few days ago I have got this kind of error/warning "Your tenant administrator has to approve this app." It happen when app deployed and you have to choose "Trust It" or "Cancel". Trust button is not active. Also I have tenant admin rights.
Here is a pace of AppManifest file.
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
Maybe I need to set rights somewhere else to solve this problem?
Solution found, just tried and worked.
MS has recently made a change, which seems to have gone quietly. If you need any tenant level permission for your App only provider hosted app, you need to add permission in tenant admin site and not in any of the site collection
http://sharepointitis.blogspot.com.au/2016/09/app-only-policy-with-tenant-level.html
If working in Sharepoint Online, here are two solutions:
Reset the tenant level permissions in the SharePoint Online admin center. In other words, set the permissions at "https://[yourtenant]-admin.sharepoint.com/_layouts/15/appinv.aspx" by copying in the xml snippet that you provided in the question
Follow the instructions that are detailed in the attached in the following image which is a screenshot taken from Troubleshooting: App debug and installation issue in SharePoint Online
Related
I have created the list workflow and just printing the history log to print a test message. I am trying to publish the workflow using my account but it always returning me below warning error message.
You do not have permission to do this operation. Ask your site
administrator to change your permissions and then try again, or log on
with a user account that has this permission. To log on with a
different user account click OK.
I did below workaround but did not get work:
Checked the site permissions for my account, all permissions are working correctly. I have full control, design and contribute access.
Checked the permissions for SharePoint designer, this is working fine. I am Primary administrator from central admin.
Checked the application pool. This is working fine.
Reset the IIS.
Also restarted the server as well once.
Can any one please advise what is the exact issue here?
You could try to install the latest update for SharePoint Designer. Check if it works for you.
1.Install SPD SP1:https://support.microsoft.com/en-us/help/2817441/description-of-microsoft-sharepoint-designer-2013-service-pack-1-sp1
2.Then install the latest update: https://support.microsoft.com/en-us/help/3114721/august-2-2016-update-for-sharepoint-designer-2013-kb3114721
This seems like a simple question but I'm struggling to find an answer anywhere. Help! ;-)
I'm trying to use Microsoft Graph to read SharePoint lists/libraries in a SharePoint site, however this is just for one site (for our department) amongst many on our SharePoint online. I've registered an Azure AD app (with secret etc...) and requested 'application' permissions for the Microsoft Graph ('Create, edit, and delete items and lists in all site collections') and its saying 'admin consent required' is 'yes' and its currently flagged as 'not granted for *****'.
My boss is now asking - with a worried tone ;-)
will this mean the app can basically read/write/delete on all sites in
the organisations SharePoint (not just our site) if our IT department
'consent'?
I said I don't know actually... I guess I'm not entirely clear on which permissions this is for, is it just to call the Microsoft Graph API or is it for this app to access SharePoint itself? I've searched for answers to this but I'm struggling to find anywhere that says anything about giving your app permissions in SharePoint, it all seems to be about getting permissions for the Microsoft Graph to access SharePoint.
I just want the app to have permissions to read/write lists/files in this one SharePoint site, not any others (we have loads of sites for other departments). I feel like we should be adding permissions for this app (its service principal?) somewhere on the SharePoint site we want to access, but what permissions do I need to setup and where so this app can only access this one site?
Azure AD app registration now allows for granular access to SharePoint site collection, there is a new option Sites.Selected under Azure AD App Registration - Request API Permissions - refer to https://developer.microsoft.com/en-us/graph/blogs/controlling-app-access-on-specific-sharepoint-site-collections/
Unfortunately, this feature is still missing. It is not possible to limit the permissions to only one SharePoint site. It's either access to all SharePoint sites in the organisation or none. Check out the user vote for more information: here. Microsoft is still working on providing a way to limit the access to specific resources.
I am facing a weird authentication issue for an intranet sharepoint 2010 site.
When a user from site owner group tries to access the site by this URL,
http://machine name:1111/ a windows credential pops up, even if user provides correct login details, he is not able to log in. But when user tries to access this URL, http://machine name:1111/SitePages/Home.aspx he is able to login successfully.
The site uses classic authentication mode.
Please let me know, what could be the reason for such strange behaviour.
Regards
Naimish
Got it resolved now.
The physical directory should have 'Read' rights for Everyone. In my case, the folder 1111 has this rights removed. I have given the said rights and its working fine now.
Regards
I got the folloiwng exception while activating a web application feature using Stsadm:
Access denied! Only SRP admin can remove property or section.
I have no ideas what a SRP admin is. I'm also at a loss to explain what kind of access does it need. The account I'm log into the box has the maximum access possible, and I would assume that stsadm runs all its commands as the super user. Googling didn't reveal much either.
Any help would be appreciated. TIA.
Taken from here:
The account that you use to run, must be granted Personalization rights in Shared Services Administration for the Default SSP.
Go to Central Administration
Click on SSP-Public
Click on Personalization services permissions
Add the account and grant Manage user profiles
What feature are you trying to activate (if it's not a custom feature of course)? What is corresponding application pool identity? Are you farm administrator? If not, try to add yourself to farm admins. Also be sure you do "Run as administrator" when launching cmd for stsadm. If all this will not help, try to add your application pool identity to farm administrators.
I've got a SharePoint website running on my machine (which it shows me inside the Application Pool in the Inet Manager).
Now this website has a different user credentials specified under the Identity section (properties). Also when I view the w3wp.exe in the task manager it shows that the site is running as a different user.
The problem is that if I change the username and password of the existing user with mine, the site stops working.
How do I run it under my account credentials.
Please help. Thanks
If you want to change the account that runs the SharePoint application pool, you must make sure that the new account has the same permissions as the current one. That includes the correct database permissions. Otherwise the SharePoint Web Application stops working.
The behavior you are describing is normal. Whatever account you use to login to your SharePoint site, the application pool will still be using the account assigned to it.
Regards,
M