Best Practices for Security in Microsoft SharePoint 2013
There were some great questions at the end of the session, in particular around anonymous Access to SharePoint sites and one that I could not answer well on permissions related to SharePoint Apps (related to the new App Model in SharePoint 2013).
Permissions for SharePoint 2013 Apps
I did a bit of reading and research today into how permissions work for SharePoint Apps in the new App Model. A few quick points to know are:- An app for SharePoint requests the permissions that it needs during installation from the user who is installing it.
- A developer must request, through the app manifest file, the permissions that the particular app needs to be able to run.
- An app must be granted permissions by the user who is executing the app.
- Users can grant only the permissions that they have.
- The user who installs the app must grant all the permissions that an app requests or not grant any permission. The user can grant an app all or nothing in terms of the permissions requested.
Please do reach out if you have any questions at all.
Enjoy.
-Antonio