Expand Minimize

SMA285701: Deploy CustomAction via App Model

Custom Actions are Deployable through the App Model, however the Schema is limited and some customisations through this will not be viable.

CheckId SMA285701
TypeName CustomActionRecommendations
Severity CriticalWarning
Type CustomAction

Full Trust Approach App Approach
Custom Action

Custom actions are a flexible way of adding or taking away functionality from declarative elements of the page. Typical usages of a custom action are to hide Ribbon buttons, include JavaScript into an existing master page, remove access to elements for non Administrators or to link new functionality to the UI.

Custom Actions With Limited Schema

The Schema for the App Model is limited, allowing only new UI links. This is limited on purpose for security reasons. For these security reasons, you are unable to ScriptLink, Hide Elements, Create Command UI Handlers, or create Custom Action Groups with this schema.

Impact of Full Trust Approach Benefit of App Approach
Dependency on deployed files

When you create a an element in SharePoint from a Declarative file, the content you have created is then dependent on the xml files they are described in. When these need to be retracted, due to an update, a change in the system, or part of a disaster recovery plan, this link is broken. This will ultimately, cause issues in the long run.

Cloud Application Model

Only new UI links can be used in the AppHostWebFeatures CustomActionDefinition.

Efforts and Benefits

Migration Impact Critical
Re-Design Effort Critical
Re-Development Effort Low
Long Term Benefit High

Effort Drivers

  • Simplify future migration paths, by breaking dependencies on deployed files

To suppress this violation in XML SharePoint code add the following comment right before the XML tag which causes the rule violation. Learn more about SuppressMessage here.

<!-- "SuppressMessage":{"rule":"SMA285701:CustomActionRecommendations","justification":"Provide reason for suppression here"} -->
Disclaimer: The views and opinions expressed in this documentation and in SPCAF do not necessarily reflect the opinions and recommendations of Microsoft or any member of Microsoft. SPCAF and RENCORE are registered trademarks of Rencore. All other trademarks, service marks, collective marks, copyrights, registered names, and marks used or cited by this documentation are the property of their respective owners.