add permission model and add sharing article #10878
PoliCheck Scan Report
The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.
✅ No issues found
More information about PoliCheck
Information: PoliCheck | Severity Guidance | Term
Learn Build status updates of commit c4464c5:
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/embedded/development/permission-model.md | | View | Details |
| docs/embedded/development/sharing.md | | View | Details |
| .openpublishing.redirection.json | ✅Succeeded | View | |
| docs/embedded/administration/consuming-tenant-admin/ctaUX.md | ✅Succeeded | View | |
| docs/embedded/development/auth.md | ✅Succeeded | View | |
| docs/embedded/development/sharing-and-perm.md | ✅Succeeded | n/a (file deleted or renamed) | |
| docs/toc.yml | ✅Succeeded | View | |
docs/embedded/development/permission-model.md
- Line 6, Column 13: [Warning: ms-service-subservice-invalid - See documentation]
Invalid value for 'ms.service': 'sharepoint-embedded'.
docs/embedded/development/sharing.md
- Line 6, Column 13: [Warning: ms-service-subservice-invalid - See documentation]
Invalid value for 'ms.service': 'sharepoint-embedded'.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
Pull request overview
This PR rewrites and restructures SharePoint Embedded (SPE) documentation by splitting the legacy “Sharing and Permissions” article into two concept-focused articles (permission model vs. sharing APIs), updating navigation and cross-links, and adding redirects for the removed content.
Changes:
- Adds new concept articles for the SPE permission model and sharing behavior/endpoints.
- Removes the legacy combined article and updates internal references + TOC.
- Adds redirects from legacy paths to the new sharing article.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docs/toc.yml | Replaces the legacy “Sharing and Permissions” TOC entry with two entries for the new articles. |
| docs/embedded/development/sharing.md | New sharing article covering policy settings + Graph sharing endpoints and behaviors. |
| docs/embedded/development/permission-model.md | New permission model article covering container roles, additive grants, inheritance, and move/copy behavior. |
| docs/embedded/development/sharing-and-perm.md | Removes the legacy combined article content. |
| docs/embedded/development/auth.md | Updates the “sharing” reference link to the new sharing article. |
| docs/embedded/administration/consuming-tenant-admin/ctaUX.md | Updates roles reference link to the new permission model article. |
| .openpublishing.redirection.json | Adds redirects from both legacy article locations to the new sharing article path. |
| > [!WARNING] | ||
| > Breaking inheritance is hard to undo. Avoid it unless you specifically need a folder or file to have permissions that don't follow its parent. For most scenarios, a regular grant on the item is enough, because the grant adds to what the user already has. | ||
|
|
||
| To break inheritance on a folder or file, call [`driveItem: invite`](/graph/api/driveitem-invite) on the item with `retainInheritedPermissions` set to `false`. The parameter defaults to `true`, which is why regular grants don't break inheritance. |
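Review bot: The paragraph that sets `retainInheritedPermissions` to `false` does not say what happens to the permissions the item was inheriting, even though the warning above it calls the operation hard to undo. State the effect on existing inherited grants in that sentence, and add how a caller can confirm the item's resulting permissions and what restoring inheritance requires, so the warning is actionable.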
| - By default, the application follows the consuming tenant's SharePoint Online sharing capability. | ||
| - When a SharePoint Embedded administrator in the consuming tenant runs [Set-SPOApplication](/powershell/module/sharepoint-online/set-spoapplication) with `-OverrideTenantSharingCapability $true`, the application uses the value passed to `-SharingCapability` instead, independent of the tenant-level setting. | ||
|
|
||
| ```powershell | ||
| Set-SPOApplication ` | ||
| -OwningApplicationId <owningApplicationId> ` | ||
| -OverrideTenantSharingCapability $true ` | ||
| -SharingCapability <sharingCapability> | ||
| ``` |
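Review bot: The second bullet says the `-SharingCapability` value applies "independent of the tenant-level setting", but neither the bullet nor the `<sharingCapability>` placeholder in the example says which values are accepted or whether the override can be more permissive than the tenant's own sharing capability. List the accepted values next to the example, say explicitly whether the override can exceed the tenant setting, and describe how an administrator returns the application to the default behaviour in the first bullet.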
Reworded sections for clarity and consistency regarding permissions in SharePoint Embedded.
Learn Build status updates of commit 167ddba:
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/embedded/development/permission-model.md | | View | Details |
| docs/embedded/development/sharing.md | | View | Details |
| .openpublishing.redirection.json | ✅Succeeded | View | |
| docs/embedded/administration/consuming-tenant-admin/ctaUX.md | ✅Succeeded | View | |
| docs/embedded/development/auth.md | ✅Succeeded | View | |
| docs/embedded/development/sharing-and-perm.md | ✅Succeeded | n/a (file deleted or renamed) | |
| docs/toc.yml | ✅Succeeded | View | |
docs/embedded/development/permission-model.md
- Line 6, Column 13: [Warning: ms-service-subservice-invalid - See documentation]
Invalid value for 'ms.service': 'sharepoint-embedded'.
- Line 82, Column 31: [Warning: bookmark-not-found - See documentation]
Cannot find bookmark '#granting-access-to-a-folder-and-everything-in-it' in 'embedded/development/permission-model.md'.
docs/embedded/development/sharing.md
- Line 6, Column 13: [Warning: ms-service-subservice-invalid - See documentation]
Invalid value for 'ms.service': 'sharepoint-embedded'.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Category
What's in this Pull Request?
Rewrites and splits the SharePoint Embedded permissions and sharing docs.
Splits the legacy `sharing-and-perm.md` article into two focused, concept-oriented articles and updates references.
What changed
New articles
- `docs/embedded/development/permission-model.md` — Explains how access works across containers, folders, and files, the four container roles (Owner, Manager, Writer, Reader), and how to break inheritance.
- `docs/embedded/development/sharing.md` — Explains the sharing surface in SPE (Graph endpoints, sharing settings, and how sharing interacts with the permission model). Graph-only — no PowerShell equivalents.
Removed
- `docs/embedded/development/sharing-and-perm.md` — Content rewritten and split into the two articles above.
Updated references
- `docs/embedded/development/auth.md` — Updated link to point to the new `sharing.md`.
- `docs/embedded/administration/consuming-tenant-admin/ctaUX.md` — Updated link to point to the new `permission-model.md`.
- `docs/toc.yml` — Replaced the single "Sharing and Permissions" entry with two entries for the new articles.
- `.openpublishing.redirection.json` — Added redirects from both legacy `sharing-and-perm.md` paths (`docs/embedded/development/` and `docs/embedded/concepts/app-concepts/`) to the new `sharing.md`.
Why
The original article mixed two distinct concepts — the permission model and the sharing APIs — which made it harder to use as a reference. Splitting them lets each topic stand on its own and aligns with how customers actually approach the platform.
Validation
sharing-and-perm.md.