How to access Microsoft SharePoint with only one site write permission instead of full control access
07-14-2024 01:29 AM
We are trying to set up SharePoint integration using the Microsoft SharePoint Online spoke. For this we need the Sites.ReadWrite.All permission, but our organization is not supposed to give full permission. So how can we set it up with only a specific site, without full control or Sites.ReadWrite.All?
03-17-2025 02:20 PM
Not sure if you finally resolved your issue, but a better solution than the Microsoft SharePoint Online spoke is:
DTech Apps certified ServiceNow store application DocIntegrator. It can solve this "need for Sites.ReadWrite.All permission" challenge by offering a more granular and flexible approach to SharePoint Online permissions compared to the Microsoft SharePoint Online spoke.
Here's how DocIntegrator typically addresses this limitation:
Granular Site-Specific Permissions: Instead of requiring a broad, tenant-wide permission like Sites.ReadWrite.All, DocIntegrator often allows you to configure connections and grant permissions to specific SharePoint sites or even specific libraries within those sites. This aligns perfectly with your organization's security policy of limiting permissions.
Different Authentication Models: DocIntegrator might offer various authentication methods, including options that allow for more restricted permission scopes. For example, using OAuth 2.0 with specific resource permissions or a dedicated service principal with precisely defined access to only the necessary sites.
Controlled Access Through Configuration: DocIntegrator's configuration within ServiceNow likely provides fields where you can specify the exact SharePoint site URLs or library paths that the integration needs to interact with. This allows you to scope the integration's access to only what is required.
How this differs from the OOTB Spoke (potentially):
The out-of-the-box Microsoft SharePoint Online spoke is designed to operate with broader, more encompassing permissions for simplicity or to cover a wider range of potential use cases. This can sometimes clash with stricter organizational security policies.
To leverage DocIntegrator for this scenario:
Explore DocIntegrator's Connection Configuration: Within ServiceNow, examine the configuration options for establishing a SharePoint Online connection using DocIntegrator. Look for settings that allow you to specify individual site URLs or restrict access to specific resources.
Review DocIntegrator's Authentication Methods: Determine if DocIntegrator supports authentication methods beyond those requiring Sites.ReadWrite.All. OAuth 2.0 with tailored permissions is a likely possibility.
Consult DTech Apps Documentation: The official documentation for DocIntegrator will be the definitive guide on how to configure connections with specific site permissions. Look for sections on authentication, connection setup, and permission management.
By utilizing DocIntegrator's more granular permission capabilities, you can establish the necessary SharePoint integration without granting the broad Sites.ReadWrite.All permission, thus adhering to your organization's security constraints. You would configure DocIntegrator to specifically target the sites your integration needs to access.