question

harpalrana avatar image
0 Votes"
harpalrana asked RaytheonXie-MSFT commented

SharePoint online custom list access rest service block

I have SharePoint online portal. User is looking to secure the custom list where they don't want end-user to have direct permission to list but only interaction of list should be through a custom interface. The idea is to block User access since some of the users were able to run rest service and get data.

Please suggest is there possible workaround of this without impacting the speed of custom interfaces.

office-sharepoint-online
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @harpalrana ,
would you please provide us with an update on the status of your issue?

0 Votes 0 ·

Hi @harpalrana ,
I am checking to see how things are going there on this issue.

0 Votes 0 ·

Hi @harpalrana ,
I am checking to see if the problem has been resolved.

0 Votes 0 ·
RaytheonXie-MSFT avatar image
0 Votes"
RaytheonXie-MSFT answered

Hi @harpalrana ,
As far as I know ,there is no such way to disable rest service in sharepoint online. Users can access rest service with only read permission. If we remove the read permission ,the list also unavailable for them. We can just block rest service in sharepoint server but not sharepoint online. We can set IIS URL Rewrite Rule to redirect users to other site by edit web.config in server, but we are unable to do this in sharepoint online.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

harpalrana avatar image
0 Votes"
harpalrana answered harpalrana commented

thank you @RaytheonXie-MSFT for your response. Can you please suggest workaround where I can develop my custom SharePoint online application without giving any access of back end custom list to user. We want to avoid using SharePoint on-premise or server side development.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @harpalrana ,
We can remove the permission of users in list page by stop sharing. But once we remove the permission, the list will be unavailable for them too.
138857-image.png


0 Votes 0 ·
image.png (15.9 KiB)

Thanks @RaytheonXie-MSFT however my question is more of related to architecture of application design where I need to have backend as custom list with frontend as SharePoint online and some kind of middleware for secure communication

0 Votes 0 ·
RaytheonXie-MSFT avatar image
0 Votes"
RaytheonXie-MSFT answered RaytheonXie-MSFT commented

Hi @harpalrana ,
We can grant access using SharePoint App-Only. Please set permission with list like following

 <AppPermissionRequests AllowAppOnlyPolicy="true">
   <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="FullControl" />
 </AppPermissionRequests>

Then use client id and client secret to access sharepoint online
Please refer to the following link to grant access
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
following link for permission level
https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@RytheonXie the above approach requires rewriting of complete code. I am not using SharePoint App. I have application with Angular JS.

0 Votes 0 ·

Hi @harpalrana ,
We don't need to rewrite the code. I think we can get certification with app and retrieve data with sharepoint rest api

0 Votes 0 ·