Deny Direct Access to Lists in SharePoint-Hosted Add-in
https://sharepoint.stackexchange.com/questions/212702
-
17-12-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Not finding any real answer to this question, so not sure if I am articulating my question correctly...
SCENARIO:
I am creating an college registration form for students using a SharePoint-hosted Add-in. Requirements make it thus and MUST be all self contained rather than split up (cross-domain). Therefore, lists and libraries are created by the add-in when deployed. Students are able to register and add documents just fine.
The problem I am seeing is that if a student happens to know the direct URL to the list or library, instead of using the GUI design, he/she would then be able to view/edit all the other student records and personal information.
Aside from naming the lists crazy names, is there anything I can do? Worried that some one might read through a JavaScript file, and figure out locations. I want to force the user to ONLY use the GUI (ASPX page) and not see the SharePoint side of things.
CAVEAT: There might be certain people who will need to access these lists directly to "Open with Explorer".
Solution
The best way I have found is though security bits and to remove the allitems view from the list.
