SharePoint 2013 Scope Requesting And Granting App Permissions

sharepoint 2013 apps permission.png


In this article, we will explore SharePoint 2013 apps security – Managing app permissions functionality to a SharePoint site.

SharePoint deveopment training course


If you have started creating a new SharePoint app in SharePoint 2013 which requires permissions to write into one or many lists of the host-web, you instantly realize that it is not possible to specify which Lists/Libraries should be given permissions to write.

Read some SharePoint 2013 tutorials:

That is because the Security model (controllable via the AppManifest.xml) does not work like that, but rather uses “Scope” as follows.


Open the Manifest Designer view (double-click the AppManifest.xml file). On the General tab, the Title text box should show the app name that you typed in “New app”  text box. Choose the Permissions tab to add the following permission requests for the app (see Figure ).

– In the first row of the Permission requests list, in the Scope column, choose Statusing in the drop-down list. In the Permission column, choose SubmitStatus.

sharepoint 2013 apps permission scope.jpg
sharepoint 2013 apps permission scope.jpg
sharepoint online apps permission scope.jpg
sharepoint online apps permission scope.jpg

– Requesting and granting app permissions

The Permissions tab of the app manifest designer supplied by Microsoft Visual Studio makes it easy to add and configure permission requests without having to work with the XML elements directly. The screenshot in Figure shows what the Permissions tab looks like when you are configuring permission requests. You are not required to make direct edits to the AppManifest.xml file to add permission requests.

sharepoint 2013 apps permission.png
sharepoint 2013 apps permission.png

There are several different types of permissions that an app can request in SharePoint 2013. The below table provides a listing of more common ones that can be used in app development in SharePoint 2013.

Table – Permission types in SharePoint 2013

Object type Scope URI Rights
Tenancy http://sharepoint/content/tenant Read, Write, Manage, FullControl
Site collection http://sharepoint/content/sitecollection Read, Write, Manage, FullControl
Host web http://sharepoint/content/sitecollection/web Read, Write, Manage, FullControl
Lists http://sharepoint/content/sitecollection/web/list Read, Write, Manage, FullControl
Search http://sharepoint/search QueryAsUserIgnoreAppPrincipal
BCS http://sharepoint/bcs/connection Read
Managed metadata http://sharepoint/taxonomy Read, Write
Social core http://sharepoint/social/core Read, Write, Manage, FullControl
Social tenancy http://sharepoint/social/tenant Read, Write, Manage, FullControl
Microsofeed http://sharepoint/social/microfeed Read, Write, Manage, FullControl


It is worth noting that running with app-only permissions is only possible when using external authentication. Executing calls from an app with app-only permissions is not possible when using internal authentication. Therefore, running with app-only permissions is not possible from SharePoint-hosted apps. Calls from a SharePoint-hosted app always require that app permissions and user permissions succeed.

Check out Best Alternative to InfoPath -> Try Now

free sharepoint training

SharePoint Online FREE Training

JOIN a FREE SharePoint Video Course (3 Part Video Series)


About Sagar Pardeshi

I am Developer working on Microsoft Technologies for the past 6+years. I am very much passionate about programming and my core skills are SharePoint, ASP.NET & C#,Jquery,Javascript,REST. I am running this blog to share my experience & learning with the community I am an MCP, MCTS .NET & Sharepoint 2010, MCPD Sharepoint 2010, and MCSD HTML 5,Sharepoint 2013 Core Solutions. I am currently working on Sharepoint 2010, MOSS 2007, Sharepoint 2013,Sharepoint 2013 App Dev, C#, ASP.NET, and SQL Server 2008.

View all posts by Sagar Pardeshi →