You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/embedded/concepts/app-concepts/sharing-and-perm.md
+1-15Lines changed: 1 addition & 15 deletions
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.localizationpriority: high
9
9
10
10
11
11
## Additive Permissions
12
-
In SharePoint Embedded, users cannot break the permission inheritance; they can only add "additive permissions" to content such as files and folders within a Container. To grant extra permissions to a user beyond what they have on the Container, for example, if *UserA* is member of the Reader role, you can allow that user to edit a specific document in that Container using the Microsoft Graph:
12
+
In SharePoint Embedded, content always inherits permissions from its parent hierarchy. While you cannot alter this inherited permission structure, you can extend access within a container by applying "additive permissions" to specific files and folders. For instance, if _UserA_ belongs to the Reader role, you can grant the user edit permission to a particular document in that container using Microsoft Graph:
@@ -18,8 +18,6 @@ In SharePoint Embedded, users cannot break the permission inheritance; they can
18
18
| Delete an additive permission |[DELETE /drives/{drive-id}/items/{item-id}/permissions/{perm-id}](/graph/api/permission-delete)| You can only delete the additive permission on the drive item where it was originally added. |
19
19
20
20
21
-
22
-
23
21
## Role-based Sharing Setting
24
22
25
23
SharePoint Embedded offers a role-based sharing model that allows developers to configure file-sharing permissions based on Container permission roles, offering a choice between restrictive and open sharing model (default). This sharing setting is part of [container type configuration](containertypes.md#configuring-container-types). This configuration can only be set by application owner's developers. To learn more about container permission roles, please refer to [Authentication and Authorization with SharePoint Embedded](auth.md#container-permissions).
By default, SharePoint Embedded app sharing configuration is the same as consuming tenant sharing configuration. For example, if the consuming Tenant disabled sharing to Guest users, then your SharePoint Embedded application won’t be able to add Guest Users to the Container roles or grant them additive permissions.
By default, SharePoint Embedded app sharing configuration is the same as the consuming tenant sharing configuration. For example, if the consuming tenant is configured to disable sharing for Guest users, then the SharePoint Embedded application is unable to add Guest Users to Container roles or grant them additive permissions.
0 commit comments