Key features of the SharePoint Framework

Besides the types of projects the SharePoint Framework supports, there are other key aspects of the approach that developers need to be aware of.

First, and foremost, the SharePoint Framework-based customizations and custom code runs in the context of a logged-in current user and connection with the browser.

Elevation of privileges, which would often be a way for developers to circumvent the permission model of SharePoint in full-trust code, are not used with the SharePoint Framework. As no IFrames are used, all code that you deploy that is based on the SharePoint Framework always executes with the permissions, privileges, and access of the current user. Keep this in mind when implementing your solutions, as you might need to store additional data elsewhere and the user either must have access to that location, or you need to resort to external code to shield your data or make it harder to access directly.

Each solution that you choose to make available for users can be deployed either on classic SharePoint pages or modern SharePoint pages. The difference between the two is that classic pages are what most users are accustomed to using and modifying. Modern pages are, as the name implies, a newer model based on a canvas rather than individual zones (called the web part zones). When implementing your solutions, you typically do not have to worry whether or not the hosting page will be classic or modern; they both work, and presumably more and more pages in the future will simply be modern pages.