Follow me on Twitter @AntonioMaio2

Wednesday, May 15, 2013

SharePoint Summit 2013 - Best Practices for Security in Microsoft SharePoint 2013

Thanks to everyone that attended my session yesterday afternoon in Toronto at the SharePoint Summit 2013.  I had a packed room for the last session of the day, so a big thank you to everyone for sticking around. You can find the presentation I gave here:

Best Practices for Security in Microsoft SharePoint 2013

There were some great questions at the end of the session, in particular around anonymous Access to SharePoint sites and one that I could not answer well on permissions related to SharePoint Apps (related to the new App Model in SharePoint 2013).

Permissions for SharePoint 2013 Apps

I did a bit of reading and research today into how permissions work for SharePoint Apps in the new App Model.  A few quick points to know are:
  • An app for SharePoint requests the permissions that it needs during installation from the user who is installing it.
  • A developer must request, through the app manifest file, the permissions that the particular app needs to be able to run.
  • An app must be granted permissions by the user who is executing the app.
  • Users can grant only the permissions that they have.
  • The user who installs the app must grant all the permissions that an app requests or not grant any permission. The user can grant an app all or nothing in terms of the permissions requested.
In my readings I found some great MSDN articles related to Authentication, Authorization and Permissions related to SharePoint 2013 Apps here:
Please do reach out if you have any questions at all.

Enjoy.
   -Antonio

No comments:

Post a Comment