List subwebs by using the Office 365 REST API requires to have edit rights

Today I was facing a weird issue and I think it can be the same for others people so I decided to share this experience.

For an application which uses the Office 365 REST API (especially the SharePoint REST API), I tried to reduce the rights necessary to run (in the Microsoft Azure Portal).

The initial configuration was the following :

Azure Rights - Initial Configuration

With this configuration, I was able to retrieve data from sites, webs, subwebs, lists, etc…

Because the application doesn’t necessary need to edit the data, I tried to remove the ‘Edit or delete items in all site collections‘ permission as you can see below.

Azure Rights - IssueWith this new configuration, I tried to execute the following request :

https://tenant.sharepoint.com/_api/Web/Webs/

The URL above allows you to retrieve the list of subwebs from the given site.

When I execute this request, I receive the following JSON response which indicates that I’m not authorized to do this action.

{
    error =     {
        code = "-2147024891, System.UnauthorizedAccessException";
        message = "Access denied. You do not have permission to perform this action or access this resource.";
    };
}

But if I try to access https://tenant.sharepoint.com/_api/Web/ to retrieve information (title, server relative URL…) from the current site, everything works fine.

Revert the permissions to the initial configuration has solved the issue but I’m very surprised to see that it’s necessary to have ‘edit‘ permissions to be able to retrieve the list of subwebs.

Hope this will help you if you encounter the same issue  😉

 

Advertisements

4 thoughts on “List subwebs by using the Office 365 REST API requires to have edit rights

  1. Pingback: Office 365 Developer Podcast: Episode 037 on ng-conf and Angular with Office 365 development | POKORNY

  2. Pingback: Office 365 Developer Podcast: Episode 037 on ng-conf and Angular with Office 365 development | Nokipedia

  3. Pingback: Office 365 Developer Podcast: Episode 037 on ng-conf and Angular with Office 365 development » PC Portal of Wausau

  4. Pingback: Office 365 Developer Podcast: Episode 037 on ng-conf and Angular with Office 365 development | Office 365 Deployment Autoblog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s