Problem: Use the Client Side Object Model (CSOM C#) to add a new master pages to a site collection and switch the master page.
Initial Hypothesis: Writing to a site collection only required contribute rights or even "designer" rights at the web application permission level.
Resolution: The minimum permission set for changing master pages is "Full Permission" which a site owner and the site collection admin have. So to switch master pages you need a high set of permissions. UI allows master pages to be switched when the user only has "Design" permissions. This proof is flawed as the UI and CSOM permissions are different. Can the UI have different permissions to the CSOM API??? Am I going mad.
SPWeb object with Design user permissions cannot be updated and the API returns an "Access Denied Error" - Thanks to Sachin Khade for identifying this.
Updated 26/05/2017: So the reply I got from the engineer who raised a Microsoft ticket is "SharePoint designer and SharePoint GUI only need to have design permission to change the master page. This is because SharePoint designer is created as an extension of the SharePoint product. However, since CSOM calls are coded using Visual studio, the code flow involved in this is different and hence requires permissions that are higher than what SPD needs."
Summary: "Design" rights allow the user to change the master page using the UI however the same user cannot switch the master page using the CSOM C# approach.
Updated 26/05/2017: Thanks to Aswin Bhaskaran for working out a minimum permission set for using CSOM to switch the master pages on a site collection:
Note: "Design" rights can be applied at the Web Application Policy level allowing the accounts with "Design" rights the ability to add master pages. The "Design" permission is only built into SP at the Site Collection level, I created the "Design" permission with the same permissions at the web application level to ensure my account in the Web app Design group has access to all site collections on my web app.
Note: Microsoft do not recommend customized master pages for O365 or future development. Rather inject JavaScript to modify pages.
Initial Hypothesis: Writing to a site collection only required contribute rights or even "designer" rights at the web application permission level.
Resolution: The minimum permission set for changing master pages is "Full Permission" which a site owner and the site collection admin have. So to switch master pages you need a high set of permissions. UI allows master pages to be switched when the user only has "Design" permissions. This proof is flawed as the UI and CSOM permissions are different. Can the UI have different permissions to the CSOM API??? Am I going mad.
SPWeb object with Design user permissions cannot be updated and the API returns an "Access Denied Error" - Thanks to Sachin Khade for identifying this.
Updated 26/05/2017: So the reply I got from the engineer who raised a Microsoft ticket is "SharePoint designer and SharePoint GUI only need to have design permission to change the master page. This is because SharePoint designer is created as an extension of the SharePoint product. However, since CSOM calls are coded using Visual studio, the code flow involved in this is different and hence requires permissions that are higher than what SPD needs."
Summary: "Design" rights allow the user to change the master page using the UI however the same user cannot switch the master page using the CSOM C# approach.
Updated 26/05/2017: Thanks to Aswin Bhaskaran for working out a minimum permission set for using CSOM to switch the master pages on a site collection:
Note: Microsoft do not recommend customized master pages for O365 or future development. Rather inject JavaScript to modify pages.
0 comments:
Post a Comment