Is there a crosswalk of SharePoint add-in permissions description to their *actual* rights granted?

I’m a Sharepoint Farm Admin, and am in charge of permission reviews for requested Sharepoint add-ins. In the past, we have judged certain app requests as too permissive and denied them based on the description-only from the request itself.

My issue is our group does not fully agree upon what each description means. Therefore our assessments are inconsistent.

Example 1: “Let it access basic information about the users of this site”

(1) What basic information? userid, displayname, email, but not what…manager?

(2) Microsoft loosely switches between calling site collections “sites” and site/subsite “webs”. So will that mean users of the site collection or the subsite level?

I understand about policies UserOnly AppOnly, User+App; but since we only have access to the text description in the App Store, when is which policy applied?

Example 2: “Let it create or delete document libraries and lists in this site collection.” (DOCUSIGN FOR SHAREPOINT)

The implication is that is User+App based on other “Let it…” permissions. But because it is for signing documents, doesn’t feel right that it would require the USER to have list management rights to function as expected.

How to prevent a program from being uninstalled by a user with root permissions?

In order to solve my need to a website blocker software on Ubuntu to fight self-temptation, I’ve decided to take a compound approach:

  • Install a website blocker app
  • Put password on that app to access the setting or to uninstall

Is there a way to do so?
I have the root access and I’m the only user of the software. Can I prevent my self from uninstalling an app with a password?

Create permissions for multiple folders in a folder structure

I’m pretty new to SharePoint. My work stores a lot of files/folders in SharePoint. I need to change folder permission on multiple sub folders (maybe 3000 sub folders). We do have a folder structure, for example:

Big Folder 1  Main Folder 1> Sub Folder 1, Sub Folder 2, Sub folder 3 Main Folder 2> Sub Folder 1, Sub Folder 2, Sub Folder 3  Big Folder 2 Main Folder 1> Sub Folder 1, Sub Folder 2, Sub folder 3 Main Folder 2> Sub Folder 1, Sub Folder 2, Sub Folder 3 

So there are about 50 Big folders and within which there are many Main Folders within which there are 3 sub folders within which there are many files. These sub folders have same name across all the folders. I need everyone to be able to access the Site (which everyone has permission to at the moment) but I just want Sub Folder 3 to be restricted to say 5 specific people.

How do I go about doing this? I could do unique permissions but then I would have to go into all the sub folders>Manage Permission>Add these five people? And like I said there are over 3000 sub folders.

There must be an easier way to do this. Is there a script I can run that will say look for any folders named “X” and set permissions for “X”. Or anyway I can achieve this?

Also, we have a SharePoint person in the company but he isn’t very knowledgeable and he hosts the site. If there was a script I could run, would I have to run the script on the server/computer where the SP is being hosted? I have admin access to the SharePoint site.

Greatly appreciated.

Add Azure AD users to SharePoints groups and document library permissions in bulk

I need to create Azure AD users in bulk (about 90), in order to add each of them: – To a SharePoint group present in 90 sub-sites – Authorizations from two libraries in each of these sub-sites

Example : – User: “user1@mydomain.com” – SharePoint sub-site: “https://mydomain.sharepoint.com/sites/principalsite/sub-site1” (already created) – Two document libraries: “Library1” and “Library2” (already created) for which the user “user1@mydomain.com” must be added to the authorizations of these two libraries, with a specific authorization level “Special authorization” (already created)

  • User: “user2@mydomain.com”
  • SharePoint sub-site: “https://mydomain.sharepoint.com/sites/principalsite/sub-site2” (already created)
  • Two document libraries: “Library1” and “Library2” (already created) for which the user “user2@mydomain.com” must be added to the authorizations of these two libraries, with a specific authorization level “Special authorization” (already created)

Etc Etc Etc….. Up to 90.

The idea would be to create a PowerShel script based on a CSV file with the necessary information: UPN > Sharepoint link > Sharepoint group name > Document library names > Name of the specific authorization level.

I don’t really master scripting and I don’t know much about the powershell functions related to Sharepoint. After some research, I find information but it doesn’t really correspond to my needs.

Can you help me ?

Regards,

How to copy the folder structure and permissions with in the same library

I have a document libray with structure below FolderA->Subfolder1->item1 Subfolder2–>item2 They have folder level permissions . now i want to create the same folder structure and permissions with different Folder Pareant name for example

Once we copy the folder structure should be FOLDER B–>Subfolder1->item1 Subfolder2–>item2 This is for sharepointonline CSOm powershell

Get user permissions for a specific project by Guid in Project Server

Is there a way to get user permission for a project using its Guid. I have seen that you can get the permission of a user for the site but I am only interested in the users permissions for a specific project.

        ProjectContext pc = new ProjectContext(pwaPath)         {             Credentials = new NetworkCredential(username, password)         };          //now you can query         pc.Load(pc.Projects);         pc.ExecuteQuery();         foreach (var p in pc.Projects)         {             Console.WriteLine(p.Name);         } 

I have all the project now and I want to get the permissions for a certain user? How can I proceed? Any idea thanks

Dynamic SharePoint Permissions

I have the following requirements regarding permisisons which so far couldn’t find a good solution for. Appreciate your thoughts and experience.

When adding/editing an item and based on its metadata, specific users(s) shall have access as edit, others as view and the rest none. The issue is that assigning the permissions is a bit difficult. The user can be assigned to view the requests that are submitted by a specific country. Also he might be able to view the requests that are submitted by a specific company and even both. User X can view Country A. User Y can view Company B (that might exist in Country A and Country C) User Z can view country A and Company B -> only requests submitted from Country A from the Company B

This is just a subset of data and it prolongates to additional 5 columns (Departments, Business Unit, Cost Center, etc…)

What is the best way to manage such kind of permisisons given that it should be easily managed with the ability to have instantanuous changes where adding a user for Company A will directly provide him access to all previous submitted requests.

An option would be having a list where users are added with the differnt assigned data as coulumn and automatically adding them to the related SharePoint groups that follow a specific pattern. Access shall be granted to these groups. The issue is that I foresee a huge amount of SharePoint groups that shall be created: (Role_Country_Company_BusinessUnit_Department_CostCenter) and all the individual combinations (Role_Country, Role_Compnay, Role_CostCenter and ROle_Country_Company) etc…

Application enviornment is SharePoint online and SharePoint 2016 On-Premise (due to data privacy requirements for some countries).

Appreciate your input.

Thanks, Zeina