Merge pull request #665 from cindylay/app-permissions

Stacyrch140 · web-flow · commit 615b3f19f8f6 · 2024-08-29T19:48:03.000-04:00
Cmdlets for 1P Guest App Permissions
diff --git a/sharepoint/sharepoint-ps/sharepoint-online/Get-SPOApplication.md b/sharepoint/sharepoint-ps/sharepoint-online/Get-SPOApplication.md
@@ -2,7 +2,7 @@
 external help file: sharepointonline.xml
 Module Name: Microsoft.Online.SharePoint.PowerShell
 online version: https://learn.microsoft.com/powershell/module/sharepoint-online/get-spoapplication
-applicable: SharePoint Online
+applicable: SharePoint
 title: Get-SPOApplication
 schema: 2.0.0
 author: cindylay
@@ -32,7 +32,7 @@ Get-SPOApplication [[-OwningApplicationId] <OwningApplicationid>] [[-Application
 
 ## DESCRIPTION
 
-The `Get-SPOApplication` cmdlet retrieves and returns all third-party SharePoint Embedded applications registered in a tenant that match the given criteria. You must be a SharePoint Online Administrator or Global Administrator to run the cmdlet. For permissions and the most current information about Windows PowerShell for SharePoint Online, see the online documentation at [Intro to SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/introduction-sharepoint-online-management-shell?view=sharepoint-ps). 
+The `Get-SPOApplication` cmdlet retrieves and returns SharePoint Embedded applications of all publishers registered in a tenant that match the given criteria. You must be a SharePoint Administrator to run the cmdlet. For permissions and the most current information about Windows PowerShell, see the online documentation at [Intro to SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/introduction-sharepoint-online-management-shell?view=sharepoint-ps). 
 
 ## EXAMPLES
 
@@ -50,37 +50,38 @@ Example 1 returns all SharePoint Embedded applications registered in the specifi
 Get-SPOApplication -OwningApplicationId <OwningApplicationId>
 ```
 
-Example 2 lists the details of the owning application corresponding to the `OwningApplicationId` registered in the specified tenant.
+Example 2 provides details about the owning application in the specified tenant. It returns Applications, which includes the list of guest application IDs with permissions to the owning application, as well as the SharingCapability settings and the OverrideTenantSharingCapability status
 
 ### Example 3
 
 ```powershell
 Get-SPOApplication -OwningApplicationId <OwningApplicationId> -ApplicationId <ApplicationId>
 ```
 
-Example 3 enumerates permissions of the owning applications registered in the specified tenant.
-
+Example 3 enumerates app-only permissions of the guest application specified in `ApplicationId`.
 ## PARAMETERS
 
 ### -OwningApplicationId
 
-Use this parameter to get details about apps registered in the specified tenant.
+Use this parameter to get details about applications registered in the specified tenant.
 
 The following details are returned:
 
 - OwningApplicationId
 
 - OwningApplicationName
 
-- Storage
-
 - Applications (by id)
+
+- SharingCapability
+
+- OverrideTenantSharingCapability
   
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases:
-Applicable: SharePoint Online
+Applicable: SharePoint
 
 Required: False
 Position: Named
@@ -91,13 +92,13 @@ Accept wildcard characters: False
 
 ### -ApplicationId
 
-Use this parameter to enumerate permissions of the owning applications registered in the specified tenant.
+Use this parameter to enumerate app-only permissions of the guest application id with access to the specified owning application.
 
 ```yaml
 Type: String
 Parameter Sets: ParamSet2
 Aliases:
-Applicable: SharePoint Online
+Applicable: SharePoint
 
 Required: False
 Position: Named
@@ -114,4 +115,4 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 ## RELATED LINKS
 
 [Get-SPOContainer](./Get-SPOContainer.md)
-[Set-SPOApplication] (Set-SPOApplication.md)
+[Set-SPOApplication](./Set-SPOApplication.md)
diff --git a/sharepoint/sharepoint-ps/sharepoint-online/Set-SPOApplicationPermission.md b/sharepoint/sharepoint-ps/sharepoint-online/Set-SPOApplicationPermission.md
@@ -0,0 +1,143 @@
+---
+external help file: sharepointonline.xml
+Module Name: Microsoft.Online.SharePoint.PowerShell
+online version: https://learn.microsoft.com/powershell/module/sharepoint-online/set-spoapplicationpermission
+applicable: SharePoint
+title: Set-SPOApplicationPermission
+schema: 2.0.0
+author: cindylay
+ms.author: cindylay
+ms.reviewer:
+---
+
+# Set-SPOApplicationPermission
+
+## SYNOPSIS
+
+Manages permissions for a guest application to access a SharePoint Embedded application.
+
+## SYNTAX
+
+
+### ParamSet1
+
+```powershell
+Set-SPOApplicationPermission 
+[[-OwningApplicationId] <OwningApplicationid>] [[-ApplicationId] <ApplicationId>] [[-PermissionAppOnly] <AppOnlyPermission>] [[-PermissionDelegated] <DelegatedPermission>]
+``` 
+
+## DESCRIPTION
+
+The `Set-SPOApplicationPermission` cmdlet manages permissions for a guest application's access to a SharePoint Embedded application. This includes adding, updating, and deleting guest application permissions. A guest application is defined as any application within the enterprise applications of the owning tenant. 
+
+You must be a SharePoint Administrator to run this cmdlet. For permissions and the most current information about Windows PowerShell for SharePoint Online, see the online documentation at [Intro to SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/introduction-sharepoint-online-management-shell?view=sharepoint-ps). 
+
+> [!NOTE]
+> Only app-only permissions are supported for guest applications accessing SharePoint Embedded applications. Delegated permissions are not supported and are default set to `None`.
+
+## EXAMPLES
+
+### Example 1
+
+```powershell
+Set-SPOApplicationPermission -OwningApplicationId a187e399-0c36-4b98-8f04-1edc167a0996 -ApplicationId 12345678-1234-1234-abcd-abcdefghijkl -PermissionAppOnly Read, Write
+```
+
+
+Example 1 gives the guest application with ID `12345678-1234-1234-abcd-abcdefghijkl` app-only Read, Write permissions to access the owning application Microsoft Loop of ID `a187e399-0c36-4b98-8f04-1edc167a0996`.
+
+### Example 2
+
+```powershell
+Set-SPOApplicationPermission -OwningApplicationId 5e2795e3-ce8c-4cfb-b302-35fe5cd01597 -ApplicationId 12345678-1234-1234-abcd-abcdefghijkl -PermissionAppOnly ReadContent, WriteContent -PermissionDelegated None
+```
+
+Example 2 gives the guest application with ID `12345678-1234-1234-abcd-abcdefghijkl` app-only ReadContent, WriteContent permissions to access the owning application Microsoft Designer of ID `a187e399-0c36-4b98-8f04-1edc167a0996`.
+### Example 3
+
+```powershell
+Set-SPOApplicationPermission -OwningApplicationId 5e2795e3-ce8c-4cfb-b302-35fe5cd01597 -ApplicationId 12345678-1234-1234-abcd-abcdefghijkl -PermissionAppOnly None -PermissionDelegated None
+```
+
+Example 3 sets guest application permissions to None for the guest application with ID `12345678-1234-1234-abcd-abcdefghijkl`. This has deleted previous permissions for that guest application to access owning application of `a187e399-0c36-4b98-8f04-1edc167a0996`. 
+
+## PARAMETERS
+
+### -OwningApplicationId
+
+Use this parameter to specify the Owning Application where guest application access is granted.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: SharePoint
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ApplicationId
+
+Use this parameter to specify the guest application ID. A guest application is any application within the tenant's enterprise applications.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: SharePoint
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -PermissionAppOnly
+
+Use this parameter to specify the app-only permissions of the guest application.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: SharePoint
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+``` 
+
+### -PermissionDelegated
+
+This parameter specifies delegated permissions which are not supported for guest applications at this time.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Applicable: SharePoint
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+``` 
+
+
+### CommonParameters
+
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+
+
+## RELATED LINKS
+
+[Get-SPOApplication](./Get-SPOApplication.md)
+[Set-SPOApplication](./Set-SPOApplication.md)
