I’m using spjs_QueryItems to retrieve details from SharePoint lists in SharePoint Online. I’ve noticed that these calls fail if they are made by users that only have permissions to the list but not the site. Is this a known issue?
It's the call to the lists.asmx that fails with a 500 response – ‘Access Denied’. If I grant the user read access to the web that the list is on, the call works.
The user can load the list in their browser without needing permissions to the site. I can’t find any details about lists.asmx needing additional permissions. Have others noticed this?
To be able to use spjs_QueryItems the user must have “Use Remote Interfaces” permission. This is by default on for all groups in a site, but unfortunately the user must have at least read access to the site (or possibly the site collection root site) to be able to use these webservice calls.
Thanks Alexander. The odd thing we have noticed is that in the top level site collection, users do not need read access to the web for the lists.asmx, but they do need it in a site collection under the /sites/ path. I’m not sure if it is something weird in this environment or root site collections behave differently. I have compared the site collection properties in PowerShell, but they are set up the same.
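To compare what an affected user holds at the web and at the list, the following added example (not code from this thread or from SPJS) decodes the High/Low halves of an `EffectiveBasePermissions` value as returned by the SharePoint REST API. It assumes that "read access to the site" can be approximated as the Open and ViewPages bits on the web; the function names and the sample masks are constructed for illustration.

```javascript
// SPBasePermissions bits, split into the 32-bit High/Low halves that REST
// returns from /_api/web/effectiveBasePermissions and
// /_api/web/lists/getbytitle('<list>')/effectiveBasePermissions.
const PERMS = {
  ViewListItems: { high: 0x0, low: 0x1 },
  Open: { high: 0x0, low: 0x10000 },
  ViewPages: { high: 0x0, low: 0x20000 },
  UseRemoteAPIs: { high: 0x20, low: 0x0 }, // "Use Remote Interfaces"
};

// mask is { High, Low }; REST returns both as decimal strings.
function hasPerm(mask, name) {
  const p = PERMS[name];
  const high = Number(mask.High) >>> 0;
  const low = Number(mask.Low) >>> 0;
  return ((high & p.high) >>> 0) === p.high && ((low & p.low) >>> 0) === p.low;
}

// Hypothetical helper: lists which of the permissions discussed in the
// thread are absent for the current user. Treating web-level read as
// Open + ViewPages is an assumption of this example.
function diagnose(webMask, listMask) {
  const missing = [];
  if (!hasPerm(listMask, "ViewListItems")) missing.push("list:ViewListItems");
  if (!hasPerm(webMask, "UseRemoteAPIs")) missing.push("web:UseRemoteAPIs");
  for (const name of ["Open", "ViewPages"]) {
    if (!hasPerm(webMask, name)) missing.push("web:" + name);
  }
  return { soapCallExpectedToWork: missing.length === 0, missing };
}

// Constructed sample masks (not captured from a real tenant).
// User with list-only access: can open the web and use remote
// interfaces, but has no ViewPages right on the web itself.
const listOnlyWeb = { High: "32", Low: "65536" };
// User who was also granted read on the web.
const readerWeb = { High: "32", Low: "196609" };
// List-level mask shared by both users: view items, open, view pages, remote APIs.
const listMask = { High: "32", Low: "196609" };

console.log(diagnose(listOnlyWeb, listMask)); // reports web:ViewPages missing
console.log(diagnose(readerWeb, listMask)); // nothing missing
```

Running the same check against a root site collection and one under /sites/ shows whether the two environments actually give the user different effective web permissions.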