Power Community

Power Community

Locking down SharePoint so only Integrated App can be used

This is an issue that has been the subject of many questions and below is the series of processes which I believe adequately addresses the structure needed.

Firstly, the three initial things to do (which I will not go into any depth with) are: –

  • Configuring any SharePoint Views to display only the columns the users need to see.
  • Filtering the View data so that it displays only the records required to be available for choosing. I am assuming here that the users need to see records other than those they created.
  • Configuring the Integrated App to restrict the users (or the particular user) to only be able to do and see what they need.

However, there are a number of inbuilt SharePoint functions that allow a reasonably knowledgeable user to circumvent these controls and do/see things they should not be able to do.


Personal Views

The first thing to do is stop users from creating a Personal View to their liking. Firstly, go to Site Permissions > Permission Levels

WarrenBelz_0-1701563981138.png

Select Contribute and then at the bottom select Copy Permission Level

WarrenBelz_1-1701564014275.png

A name is then required (I call mine “No Personal Views”) and this new item can then be edited. There are some other permissions that may need excluding such as deleting items, but the main ones necessary here are the bottom category

WarrenBelz_2-1701564107549.png

This permission level should then be applied to all relevant users on the Lists/Libraries/Site connected to the function.


Grid View Editing

Next problem is Edit in Grid View, which allows again circumventing of field level restrictions. One way is to group any views by a field (or two), however a more robust alternative is to turn it off at List/Library level. To do this, go into all the List/Library Settings and in Advanced Settings, turn off the Quick Editing Property

WarrenBelz_3-1701564232997.png

Multiple Selection Bulk Editing

Next, users will notice that if they select several items, a different bulk editing form will appear (actually the SharePoint default form). One way to stop this is to disable bulk editing by not allowing users to select multiple records. This is done at View Level, so select Edit Current View

WarrenBelz_4-1701564458273.png

Then scroll down to Tabular View and de-select Allow individual item checkboxes

WarrenBelz_5-1701564499973.png

New Items

This may not be quite done yet – what if the user should not create new records or upload new files (Library) – the options are still there. Again at View level, except this time choose Format View and paste this code into the JSON box

{
   "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/row-formatting.schema.json",
   "commandBarProps": 
   {
      "commands": 
      [
         {
            "key": "new",
            "hide": true
         },
         {
            "key": "upload",
            "hide": true
         }
      ]
   }
}

WarrenBelz_7-1701564856101.png

Library menus

One last item if dealing with a Library is that the default SharePoint appears in the right pane initially (selecting Edit All opens the Integrated form) – firstly select Edit Columns

WarrenBelz_10-1701565082836.png

And then de-select any fields that should not be edited on this form

WarrenBelz_9-1701565047143.png

This should put plugs in most of the “plugholes” of concern and allow proper controlled management of the data.

This post was originally published on this site

- Advertisement -spot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement - Advertisement

Latest News

Embed Python Visuals in Power BI Desktop – Quick Review

Hi Folks, This post is all about embedding Python visuals in Power BI, you will need to install the respective...

More Articles Like This

- Advertisement -spot_img