How To Secure Your Spfx Designed SharePoint Online Form And Workflow - The Best Security For An Spfx Project

- 1 answer

I am developing (with help from SO members) an SPFX webpart(s) which comprises of a form and eventually a workflow that is essentially a glorified approval process with a UI connected to several lists and libraries. After discussing the pros and cons of developing webparts for SP-Online, a developer said a weakness in security was the ability for the end user to simply bypass the web part and go straight to the list or library (if there are no permissions set on that list/library). To seal off the list/lib I am planning on using SharePoint Designer workflows that run on item creation. This workflow will set access to only the creator and any people picker fields in the UI form.

My question is - are there are tips out there or sure fire processes that I can follow that can protect a project such as this from nosey folk?

Apologies to mod's if this isn't in the right place? Can you redirect me if so?



You could use SecurityTrimmedControl to show or hide components based on the user permissions.

Or custom logic similar as the demo.


SPFx use current user context(permission) to access SharePoint, so if user could access(CRUD) list data form SPFx, they can get data either by rest api or excel etc.,if you limit user permission for target items, you need other design to bypass this issue(check this thread).