SPO WBBag: January 3
THE ENABLE or DISABLE Custom Scripts Challenge.
In this Weekly SharePoint Online Brown Bag I will talk about Governance in a company point of view about the Enable Custom Scripts in SharePoint Online as a Migration Consultant
My usual note
Perfect people or companies don’t exist. I’m the first to admit I’m not mistake free, that’s because I learn and share. If so please comment to Improve
These days performing a migration in some industry sectors can bring many challenges. Why? Because security is very tight and nothing can go out the corporation environment.
CHALLENGES IN THIS POST
- Enable Custom Scripts Implications
- SharePoint Development Challenges
- The “Sharing is Caring” concept
Trust me, I’ve seen just about everything in the context of migrations to SharePoint Online. For those who are starting out in this area and because there are several utilities that make a wizard-type migration possible, the temptation is often to take a Site Collection and place it online as it is. Is this a good practice? Of course not, doing the same thing and expecting different results is insanity, even if all the scripts work and I have a website up in 1 hour.
FIND FLAT STUCTURE, Hub Sites and follow the line, good videos out there.
Now let’s go back to the implication of activating this option, what does it do when activated?
Set-SPOSite -DenyAddAndCustomizePages 0
From the Microsoft Site
- Scripts have access to everything the user has access to.
- Scripts can access content across several Microsoft 365 services and even beyond with Microsoft Graph integration.
What does this mean really this?
Any user who has “Add and Customize Pages” permission (part of the Design and Full Control permission levels) to any page or document library can insert code that can potentially have a powerful effect on all users and resources in the organization.
From a Migration point of view, in practice, does this mean that you will have to develop the migrated sites that contain scripts from scratch? YES, looks crazy no? BUT NOT. Everything has a reason.
In the early days of development in SharePoint, in this article I will only focus on the 2003 version, development was very demanding, because there was not much documentation and the learning curve was big, there were many sleepless nights.
When SharePoint 2007 appeared, the concept of FARM and inherited permissions also appeared, something that did not exist before, at this time good practices began to appear, but even so it was not possible to invent much, developers had to reinvent themselves and share how could, in good measure with the goodwill of those who shared in the Outlook Express NNTP groups, now imagine and go back further when the product was actually launched.
But what does this have to do with the context of DenyAddAndCustomizePages anyway? ALL. When Microsoft started to launch Services like BPOS and Live@Edu it became clear that the development paradigm had to change, on the other hand years ago Microsoft didn’t have a policy of making things easier, now with SasS everything changed.
SO the SharePoint Framework (SPFx) was launched and now Microsoft really understood that it needed help to develop on his platform, so, Microsoft as a First Party Developer and the Programmers as Third Party developers, FINALLY, and the the slogan ” Sharing is Caring” appear. This is cool it’s YUPIII.
The following are some of the key features included as part of the SPFx:
- The controls are rendered in the normal page DOM.
- The controls are responsive and accessible by nature.
- It enables the developer to access the lifecycle in addition to render, load, serialize and deserialize, configuration changes, and more.
- The developer toolchain is based on popular open-source client development tools such as NPM, TypeScript, Yeoman, webpack, and gulp.
- Performance is reliable.
- End users can use SPFx client-side solutions that are approved by the tenant administrators (or their delegates) on all sites, including self-service team, group, or personal sites.
- SPFx web parts can be added to both classic and modern pages.
- SPFx solutions can be used to extend Microsoft Teams.
This means from Microsoft
But in my sole opinion Scripts Disable are Good because it will disallow your users to save LIST or SITES as templates and upload to a another tenant. If you have Confidential information this is really bad if active. “Usually” Secret Documents are not allowed in SharePoint Online.
The “Sharing is Caring” concept PnP
The community grow a lot, developers become evolving sharing and extending tools, samples, really live savers.
What is Sharing is Caring?
Sharing is Caring is a PnP program that provides hands-on guidance on using and contributing to the Microsoft365 community
The Enable Custom Scripts represent a BIG role on your effort estimation, usually if you have Systems with a Shutdown Date. Keep in mind this particular topic, it will define all your team projection and capacity.
Hope that help you in some constraints that you have.
That’s all for this week, see you next time