Remember that client side code is the new full trust code. Any script, Marcs, scripts downloaded from scripts.ru, SPFx etc will all run under the current users account and have access to everything the user has access to.
Remember that client side code is the new full trust code.
Wictor Wilén
2

I should point out that this has been the case for script-based solutions in SharePoint for as long as there have been script-based solutions in SharePoint.

I’m not trying to write off the security concerns at all. What I’m trying to encourage is better, more open, collaborative discussions about them between IT and the people who need stuff done. Starting with “No” doesn’t work.

All regulations and statutes must be supportable as requirements by policy or governance. In some cases that means no script (as a by-product of the requirements), but there is no single answer to these discussions. Your basket of clients and my basket of clients have different complexions, as do Julie’s or Thake’s or anyone else’s.

Show your support

Clapping shows how much you appreciated Marc D Anderson’s story.