How to elevate App privileges to access advanced Features

Some of the features provided by the Muhimbi PDF Converter for SharePoint Online require a level of privileges slightly higher than what out-of-the-box SharePoint App Store apps are allowed to have. Rather than bypassing the App Store completely, making deployment more difficult, we provide the option to elevate the App Permissions manually, but only when certain functionality is needed. 

At the time of writing the only features that require elevated privileges are the following: 

  • Real-time watermarking.
  • Hiding the UI integration (For sites that only want to expose Muhimbi's workflow facilities)
  • Enabling Ribbon buttons (For sites where the App has been deployed via the App Catalog)
  • Converting web pages (via the User Actions menu)

If you do not require any of this functionality then there is no reason to carry out the steps below.

 

Prerequisites

Before starting the elevation process, please make sure the following prerequisites are in place:

  1. The user carrying out these steps must be a Tenant Administrator for the first (optional) elevation instructions. To elevate the Site Collection (2nd part of instructions below), the user will need to be a Site Collection Administrator.
  2. The user carrying out these steps must be a 'known-user'. In other words, logged in using the account used to register the trial, or one of the accounts provided when the subscription was purchased. If the menu links are not displayed on the left hand side of the PDF Converter's SharePoint screens then please contact our support desk.
  3. The PDF Converter for SharePoint Online App has already been installed in the Site Collection as per these instructions.
  4. The steps described below must be carried out in the root web of the site collection.

 

Elevating privileges

Privileges must be elevated separately for each site collection. To allow user specific regional settings and time zone information to be taken into account when applying watermarks, it is also recommended to carry out elevation at the Tenant level. This is optional and requires Tenant Administration privileges. If you only have Site Collection Administrator privileges then please skip to the 'Repeat elevation at the Site Collection Level' section.

To begin the elevation process, navigate to the SharePoint Admin Center ([your tenant]-admin.sharepoint.com) Add /_layouts/15/appinv.aspx to the end of the URL to access the 'elevation screen' . Please remember to use YOUR tenant's URL, but in our example it is acme-admin.sharepoint.com/_layouts/15/appinv.aspx.

 
Once opened, fill out the screen as follows:

  1. In the App Id field enter 80645d3a-62a3-4ce3-a224-ce22188d619c and click 'Lookup'.
  2. Do not change any of the fields, only paste the following XML in the 'Permission Request XML' field.
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="Read" />
</AppPermissionRequests>

 

The screen should look as follows (ignore the actual XML, it has changed since the screenshot was made):

Elevate_Privileges.png

 

Click the 'Create' button to continue to the following screen (it may look slightly different depending on the level at which elevation is carried out):

Elevate_Privileges_-_Trust.png

 
Click 'Trust it' to activate the new privileges.

 

Repeat elevation at the Site Collection Level.

  1. Navigate to the Site Collection and add /_layouts/15/appinv.aspx to the URL (e.g. [your tenant].sharepoint.com/sites/somesite/_layouts/15/appinv.aspx)
  2. In the App Id field enter 80645d3a-62a3-4ce3-a224-ce22188d619c and click 'Lookup'.
  3. Do not change any of the fields, only paste the following XML in the 'Permission Request XML' field.
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>


          Click the 'Create' button to continue, followed by 'Trust it' to activate the new privileges.

 

Enabling Advanced Features

Muhimbi's SharePoint Online software uses the concept of 'App Features' to toggle advanced functionality. Enabling these features is similar to SharePoint's own Site Collection and Site Features, however the screen is accessed differently.

Access the App Features screen as follows:

  1. Navigate to 'Site Contents'.
  2. Click on Muhimbi PDF Converter for SharePoint Online.
  3. The Product Information page for this product is now displayed. Providing you are registered as a known user you will see a 'Features' option on the left hand-side of the screen. If this option is not displayed then please see the Troubleshooting section at the end of this article.
  4. Click the Features Link, which displays the following screen. Click Activate to elevate the relevant Feature.
      

App_Features.png

 
If the following screen is displayed instead then the App has not been properly elevated. In that case please double check the steps provided above.
  

Not_elevated.png

 

Your App has now been elevated and everything is in place to use the relevant App Feature in this site collection.

 

Questions / troubleshooting

  1. The Features link is not displayed: If you don't see this option then please contact the person looking after your Muhimbi Subscription, or email our support desk.
  2. User is not allowed to open the appinv.aspx screen: You need to be a Site Collection Administrator in order to access this screen and a Tenant Administrator to submit it.
  3. Does the elevation process need to be carried out on other site collections? This process needs to be repeated for each Site Collection that requires the relevant App Feature.
  4. Does the elevation process need to be carried out on sub-sites? No, elevation MUST be carried out on the root site collection only.
  5. Does the App need to be re-elevated after reinstalling? If you ran the App elevated before it was reinstalled then it is recommended to re-elevate to ensure it works exactly the same as before. 
  6. Special steps when uninstalling: When uninstalling the Muhimbi PDF Converter App it is recommended to de-activate the App Feature before carrying out the uninstallation. Doing so an absolute requirement when uninstalling using SharePoint's App Catalog, otherwise it will no longer be possible to access PDF files. This is due to limitations in the App Catalog model. Also, please make sure that the App is still elevated (as described above) when uninstalling the App.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.