Help on permissions

Glenn Maxwell 11,496 Reputation points
2024-09-19T20:46:47.7766667+00:00

Hi All,

I have an Azure App Registration with the following Microsoft Graph API permissions. I am working with an internally hosted application and want to use this Azure SPN (Service Principal Name) within the application. Specifically, I want to pull metadata from SharePoint sites, such as details of a particular folder (e.g., folder name, folder creation date, etc.). Will the delegated permissions below work for this purpose? Please guide me if any additional permissions are required. Can we provide Azure SPN access on the SharePoint sites? I don't have much knowledge of APIs.


Accepted answer
  1. Rohit Raghuwanshi - MSFT 625 Reputation points Microsoft Vendor
    2024-09-20T06:42:05.4733333+00:00

    Hi Glenn Maxwell,
    Thank you for reaching out to Microsoft!

    You can use application permissions rather than delegated permissions to retrieve metadata for SharePoint sites, files and folders. Please ensure you provide the application permissions below to your app under API permissions and grant admin consent.
    Files.Read.All
    Sites.Read.All


    And then use the GET driveItem endpoint to fetch SP files and folders.

    GET /sites/{site-id}/drive/items/{item-id}

    Please refer to the docs below for more details:

    https://learn.microsoft.com/en-us/graph/permissions-reference
    https://learn.microsoft.com/en-us/graph/api/driveitem-get?view=graph-rest-1.0&tabs=http

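As an added example (not part of either answer and not Microsoft's own code), the Python sketch below checks, before the GET driveItem endpoint is called, whether an access token is app-only and carries the application permissions listed in the accepted answer. It relies on the Microsoft identity platform convention that application permissions appear in the `roles` claim and delegated permissions in the `scp` claim. The function names, the constructed sample tokens and the `$select` field list are assumptions for illustration, and the payload is decoded without signature verification, so it is suitable for inspection only.

```python
import base64
import json

# Application permissions the accepted answer lists for read-only metadata access.
EXPECTED_ROLES = {"Files.Read.All", "Sites.Read.All"}
GRAPH = "https://graph.microsoft.com/v1.0"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for offline testing."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), "constructed"])


def read_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_permissions(token: str) -> dict:
    """Classify the token and compare its permissions with EXPECTED_ROLES."""
    claims = read_claims(token)
    roles = set(claims.get("roles", []))         # application permissions
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    kind = "app-only" if roles and not scopes else "delegated" if scopes else "none"
    return {
        "kind": kind,
        "missing": sorted(EXPECTED_ROLES - roles),
        "extra": sorted((roles | scopes) - EXPECTED_ROLES),
    }


def folder_metadata_url(site_id: str, item_id: str) -> str:
    """GET driveItem URL from the answer, limited to the metadata fields asked for."""
    return (f"{GRAPH}/sites/{site_id}/drive/items/{item_id}"
            "?$select=name,createdDateTime,folder")


# Constructed sample tokens (not real credentials).
APP_TOKEN = make_sample_token({"roles": ["Sites.Read.All", "Files.Read.All"]})
USER_TOKEN = make_sample_token({"scp": "User.Read Sites.ReadWrite.All"})
```

A non-empty `missing` list means the token does not carry the application permissions from the accepted answer; `extra` lists anything granted beyond them, which is worth reviewing when the app only reads folder metadata.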

1 additional answer

  1. Emily Du-MSFT 47,301 Reputation points Microsoft Vendor
    2024-09-25T10:29:08.51+00:00

    Based on your screenshot, apart from the existing delegated permissions, you need to grant the Sites.ReadWrite.All delegated permission to the Azure App Registration to pull metadata from SharePoint sites.

    Here are articles with a detailed description of what APIs Sites.ReadWrite.All and Sites.FullControl.All can obtain.

    And refer to this post to connect to SharePoint Online by using an Azure service principal.

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

