SharePoint o365 not able to use REST query when Remove View Application Pages permission from Permission Level

  • Question

  • I was using REST to do CRUD operations on a SharePoint O365 list, which was working fine, but due to some security issue I have to remove View Application Pages from the READ permission level. After removing the permission I can't use CRUD operations.

    It returns 0 results:

    https://***/sites/**/_api/web/lists/GetByTitle('Vendor Details')/Items?$select=Name&$orderby=Created desc&$filter=ID eq 1

     

    Is there a permission issue? The user has Contribute access in the list. When I put Admin permission it works :(

    Even if I select all in the permission level for Contribute, I am still not getting any results. Does SP take time to replicate the permissions? What is the minimum level of permission required to run CRUD operations in a list by REST API through JavaScript? It says: Access denied. You do not have permission to perform this action or access this resource.


    Thanks and Regards

    Er.Pradipta Nayak
    Visit my Blog
    Xchanging





    Sunday, February 26, 2017 11:36 AM

All replies

  • The REST APIs are essentially in the same place as the Application Pages.  So if you remove read access to the Application pages you are removing Read access to the APIs.  There is no way to get around that.

    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    Sunday, February 26, 2017 1:11 PM
  • Really very bad news for me. Actually I want to hide the Site Content link from the top gear menu and all direct access to application pages, so that users can't access these pages. I think, as it is an O365 site, it would be nearly impossible by master page (security trimming), as the master page has very little control over the top part, which is commonly used by all O365 sites?

    Thanks and Regards

    Er.Pradipta Nayak
    Visit my Blog
    Xchanging

    Sunday, February 26, 2017 4:11 PM
  • Hi Pradipta,

    As Paul said, it is necessary to grant the application read permission to the web so that we can use the REST API in the page.

    Workaround:

    If you need to hide the application page from other users, we can use a CSS style to hide it: find the page link's CSS with the IE developer tools and set display to none to hide it:

    Hide The Top Navigation On A SharePoint 2013 And Office 365 Site Using CSS

    Another workaround:

    Place the page into a single library and then set the library permissions to prevent user access.

    Thanks

    Best Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, February 27, 2017 7:30 AM
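
The dependency described in the replies can be checked from a permission level's High/Low mask before the level is assigned. The following is an added example, not code from any poster in this thread: the function names, the baseline set treated as required for REST, and the sample masks are assumptions made for illustration; the bit positions follow the SP.PermissionKind enumeration.

```javascript
// SP.PermissionKind values; bit index in the 64-bit mask is (value - 1).
const PERMISSION_KIND = {
  viewListItems: 1,
  addListItems: 2,
  editListItems: 3,
  deleteListItems: 4,
  viewFormPages: 13, // shown as "View Application Pages" in the permission level UI
  open: 17,
  useRemoteAPIs: 38,
};

// Assumption: permissions every REST call needs (the thread's point plus remote API access).
const REST_BASELINE = ["open", "useRemoteAPIs", "viewFormPages"];

// Assumption: list-item permissions each CRUD verb needs on top of the baseline.
const CRUD_NEEDS = {
  create: ["viewListItems", "addListItems"],
  read: ["viewListItems"],
  update: ["viewListItems", "editListItems"],
  delete: ["viewListItems", "deleteListItems"],
};

// basePermissions is a { High, Low } pair of numbers or numeric strings.
function hasPermission(basePermissions, kind) {
  const bit = PERMISSION_KIND[kind] - 1;
  const word = Number(bit < 32 ? basePermissions.Low : basePermissions.High);
  if (!Number.isInteger(word) || word < 0 || word > 0xffffffff) {
    throw new RangeError("High/Low must be unsigned 32-bit integers");
  }
  return ((word >>> 0) & (1 << (bit % 32))) !== 0;
}

// Returns the sorted list of permissions the mask lacks for one CRUD operation.
function missingForRest(basePermissions, operation) {
  const needs = CRUD_NEEDS[operation];
  if (!needs) throw new Error("unknown operation: " + operation);
  return [...REST_BASELINE, ...needs]
    .filter((kind) => !hasPermission(basePermissions, kind))
    .sort();
}

// Constructed sample masks: a read-style level, and the same level with the
// viewFormPages bit (0x1000) cleared, as described in the question.
const SAMPLE_READ = { High: "176", Low: "138612833" };
const SAMPLE_READ_NO_APP_PAGES = { High: "176", Low: String(138612833 - 0x1000) };

console.log(missingForRest(SAMPLE_READ, "read"));
console.log(missingForRest(SAMPLE_READ_NO_APP_PAGES, "read"));
console.log(missingForRest(SAMPLE_READ, "update"));
```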