Applies To: SharePoint Online
Description
NITRO Studio can be installed with one of the below permission levels in SharePoint Online site collection.
1. NITRO API (tenant level)
- Tenant administrator needs to grant this permission.
- NITRO API will have full control permissions on all site collections in the SharePoint. This option makes the NITRO Studio installation and updates easier.
2. NITRO Site API (site.selected)
- Tenant administrator need to allow NITRO Site API in the tenant. This step does not grant permissions on any of the site collections.
- When NITRO is installed in any of the site collections, NITRO Site API will get full control permissions on that site collection only.
Difference between NITRO API and NITRO Site API:
| NITRO API (tenant level) | NITRO Site API (site.selected) |
| It will have full control permission on all site collections. | It will have full control permission on only those site collections where NITRO Studio is installed. |
| Custom script can be enabled automatically using this permission level. Scripting is required for certain steps like adding links to NITRO in the site. | Custom script cannot be enabled automatically. SharePoint administrator need to enable it manually. |
| All site collections will be shown on the NITRO studio installation page. User can find the required site collection and initiate installation. | Only those site collections where NITRO Studio is installed are shown. To add NITRO to a new site collection, user need to enter the URL of the site collection. |
Select the permission option as per your organization policies.
Refer to this article to install NITRO Studio and activate NITRO for a site.
Permissions required for different API’s:
| Crow Canyon Authentication API (with NITRO API) | This API is required for logging into NITRO Studio installation home page: https://crowcanyonnitro.azurewebsites.net |
| Basic permissions only – User.Read, OpenId profile. | |
| Normal users can grant permissions for themselves. | |
| Administrator can grant permission for entire organization. | |
| Crow Canyon Authentication API (with NITRO Site API) | This API is required for logging into NITRO Studio installation home page: https://crowcanyonnitro.azurewebsites.net |
| Delegated permissions – Full control on all site collections. Note that this does not allow NITRO applications to access the sites. It is only used on this site to enable ‘NITRO Site API’ permissions on the site collection where NITRO Studio is installed. | |
| NITRO API | Full control permissions on all SharePoint site collections |
| Term store and user read permissions | |
| NITRO Site API | Full control permissions only on the site collections where NITRO Studio is installed |
| Term store and user read permissions | |
| Crow Canyon Advanced Approval/NITRO Workflows/Product App | Full control permissions on the site collection where NITRO Studio is installed. This is same as NITRO Site API permission. |
| SharePoint list items are created/updated in the context of these Apps. With separate permissions we can identify which app has created/updated the list item. | |
| Crow Canyon Email API | Mail read/write/send permissions on specific mailboxes that are used to send or receive emails in the application. |
| Permissions are restricted to specific mailboxes with an additional step using PowerShell. | |
| Crow Canyon Calendar API | Calendar read/write/send permissions on specific mailboxes. Permissions are restricted to specific mailboxes with an additional step using PowerShell. |
| Optional: Required if Workflows/Custom actions need to create meetings. | |
| Crow Canyon Teams API | Group read/write permissions. |
| Optional: Required for Workflow/Custom actions to create Teams/Channels. | |
| Azure AD API (Read) | Read permissions on Directory/Group/Group Member/User. |
| If not granted, NITRO will not be able to read AD groups and group members. | |
| Azure AD API | Read and Write permissions on Directory/Group/Group Member/User. |
| Optional: If any AD write operations are required, otherwise use Read API. NITRO Onboarding application can create/update in Microsoft Entra (AD). |
Custom Scripting:
NITRO Studio installation requires that custom scripting is enabled for the site collection.
- Enable custom script in app catalog site collection and the site collection in which NITRO Studio will be installed.
- Use the PowerShell to set the tenant level flag to not disable the custom script (see the last step in below article)
Please refer to this article How to enable scripting capabilities with PowerShell – Crow Canyon Software Support to enable custom script.
Use of custom scripting in NITRO Studio:
- Custom script is required for the following steps during NITRO Studio installation
- Installing NITRO Modern SPFx components in the site collection.
- NITRO apps links in the site settings page and the settings menu (gear icon in upper right corner).
- NITRO Apps links in list settings page and classic UI list ribbon.
- Create modern site pages
- Custom script is required for the following steps during NITRO update/repair
- To update NITRO Modern SPFx components in the site collection.
- Create or update links in sites settings page and settings menu (gear icon in upper right corner).
- Create or update NITRO Apps links in list settings page and classic UI list ribbon.
- Create or update modern site pages
- In NITRO Apps settings pages, for sites using Modern UI, scripting is required only to create NITRO application administration link using modern branding app. For sites using classic UI, scripting is required for below steps:
- Adding web parts for below apps to classic SharePoint pages (webpart pages).
- List Search
- List View
- List Rollup
- Tiles and Dials
- NITRO Reports
- Publish NITRO Forms for SharePoint classic experience. If the list is using modern experience, then this is not required.
- Create Custom Actions in list/form ribbon and edit control block for SharePoint classic lists.
- To use the following features in Crow Canyon Classic Branding, custom script is required
- Launch NITRO forms in a dialog
- Translator Widgets
- Application Administration
- For below features in NITRO Site Settings page for the classic SharePoint sites:
- Live Chat Integration
- Security Settings
- NITRO Linked Items app for classic SharePoint lists
- Adding web parts for below apps to classic SharePoint pages (webpart pages).
- Note that custom script is not required for both classic and modern sites for regular usage by end users. It is only required during installation, upgrade and configuration of NITRO apps.
- During NITRO 3.0 Upgrade
- Installing NITRO Modern SPFx components in the site collection.
- NITRO apps links in the site settings page and the settings menu (gear icon in upper right corner).
- NITRO Apps links in list settings page and classic UI list ribbon.
- Create modern site pages
