You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/embedded/concepts/app-concepts/sharing-and-perm.md
+7-7Lines changed: 7 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -5,10 +5,10 @@ ms.date: 5/17/24
5
5
ms.localizationpriority: high
6
6
---
7
7
8
-
# Sharing and Permissions in SharePoint Embedded
8
+
# Sharing and permissions in SharePoint Embedded
9
9
10
10
11
-
## Additive Permissions
11
+
## Additive permissions
12
12
In SharePoint Embedded, content always inherits permissions from its parent hierarchy. While you cannot alter this inherited permission structure, you can extend access within a container by applying "additive permissions" to specific files and folders. For instance, if _UserA_ belongs to the Reader role, you can grant the user edit permission to a particular document in that container using Microsoft Graph:
13
13
14
14
| Scenario | Microsoft Graph API(s) | Notes |
@@ -18,15 +18,15 @@ In SharePoint Embedded, content always inherits permissions from its parent hier
18
18
| Delete an additive permission |[DELETE /drives/{drive-id}/items/{item-id}/permissions/{perm-id}](/graph/api/permission-delete)| You can only delete the additive permission on the drive item where it was originally added. |
19
19
20
20
21
-
## Role-based Sharing Setting
21
+
## Role-based sharing setting
22
22
23
23
SharePoint Embedded offers a role-based sharing model that allows developers to configure file-sharing permissions based on container permission roles, offering a choice between restrictive and open sharing model. By default, the sharing setting is configured to the open model, permitting unrestricted content sharing by all users. This sharing setting is part of [container type configuration](containertypes.md#configuring-container-types). This configuration can only be set by application owner's developers. To learn more about container permission roles, please refer to [Authentication and Authorization with SharePoint Embedded](auth.md#container-permissions).
24
24
25
-
### Restrictive Sharing Model
25
+
### Restrictive sharing model
26
26
27
27
Only container members who are either the Owner or Manager roles are permitted to add new permissions to files.
28
28
29
-
### Open Sharing Model
29
+
### Open sharing model
30
30
31
31
Any container members and guests with edit permissions can add new permissions to this file.
By default, SharePoint Embedded application sharing configuration is the same as the consuming tenant sharing configuration. For example, if the consuming tenant is configured to disable sharing for guests, then the SharePoint Embedded application is unable to add guests to container roles or grant them additive permissions.
43
43
44
-
### Application External Sharing Override
44
+
### Application external sharing override
45
45
46
46
For SharePoint Embedded applications, sharing configurations can be adjusted at the application level. Consuming tenant admin can configure permissions that are different than tenant level sharing settings. For example, if a tenant's sharing setting prohibits sharing with guests, SharePoint Embedded applications can be configured to allow guest sharing. Consequently, all containers within that SharePoint Embedded application would have the ability to include guests or extend additional permissions, while other SharePoint Embedded applications and SharePoint maintain restricted sharing permissions.
0 commit comments