Service principal access to SharePoint Online

Sourav 100 Reputation points
2024-11-07T20:22:24.9333333+00:00

Hello

I have created a service principal in Entra, and it will be used by Power Automate or ADF to connect to a particular SharePoint Online site to read and copy files from SharePoint Online.

Could you please tell me what permissions are required:

  1. What API permissions in Entra are required so that access is granted to only one particular SharePoint site?
  2. Please provide the detailed steps. Should I use delegated or application permissions in the API permissions in Entra?
  3. Can we do this via the portal and also via PowerShell commands, and how? I have already created the service principal.

Thanks!


1 answer

  1. Luis Arias 7,121 Reputation points
    2024-11-07T21:05:42.4733333+00:00

    Hello Sourav,

    To connect a service principal to a specific SharePoint Online site and allow it to read/copy files, follow these steps:

    • API Permissions in Entra ID
      Go to Azure Active Directory > App registrations > select your service principal > API permissions. Add the following Microsoft Graph permissions with Application access:
      • Sites.Read.All: General read access across SharePoint.
      • Sites.Selected: Allows limiting access to specific sites.
        Grant admin consent for these permissions.
    • Grant Access to a Specific SharePoint Site
      Use PowerShell to assign site-level access with Sites.Selected:
      1. Install SharePoint Online Management Shell:
             Install-Module -Name Microsoft.Online.SharePoint.PowerShell
        
      2. Connect to SharePoint Online:
             Connect-SPOService -Url https://[your-tenant-name]-admin.sharepoint.com
        
      3. Grant access to the site:
             Grant-SPOSiteDesignRights -Identity "[Site URL]" -Principals "[App ID]" -Rights View
        

    If the information helped address your question, please Accept the answer.

    Luis
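
The Sites.Selected permission gives an app no access until a per-site permission is created for it. The following is an added example, not part of the answer above, that creates a read-only grant on one site through the Microsoft Graph site permissions endpoint and then reads the grants back. The hostname, site path, app ID and display name are constructed placeholders, and it assumes the Microsoft.Graph.Authentication module and an admin account allowed to consent to Sites.FullControl.All.

```powershell
# Added example. All four values below are constructed placeholders.
$TenantHost = 'contoso.sharepoint.com'                 # tenant hostname (placeholder)
$SitePath   = '/sites/Finance'                         # server-relative site path (placeholder)
$AppId      = '00000000-0000-0000-0000-000000000000'   # application (client) ID (placeholder)
$AppName    = 'adf-sharepoint-reader'                  # label stored with the grant (placeholder)
$Graph      = 'https://graph.microsoft.com/v1.0'

# Sign in as an administrator; creating site permissions needs Sites.FullControl.All.
Import-Module Microsoft.Graph.Authentication
Connect-MgGraph -Scopes 'Sites.FullControl.All'

# Resolve the site ID from hostname and path (${} keeps ':' out of the variable name).
$site = Invoke-MgGraphRequest -Method GET -Uri "$Graph/sites/${TenantHost}:${SitePath}"

# Request the least role that covers reading and copying files out: 'read'.
$body = @{
    roles               = @('read')
    grantedToIdentities = @(
        @{ application = @{ id = $AppId; displayName = $AppName } }
    )
} | ConvertTo-Json -Depth 5

$grant = Invoke-MgGraphRequest -Method POST `
    -Uri "$Graph/sites/$($site.id)/permissions" `
    -Body $body -ContentType 'application/json'
Write-Host "Created permission $($grant.id) on $($site.webUrl)"

# Verify: fetch each permission by ID so the roles are included, then
# flag anything on this app that is broader than 'read'.
$list = Invoke-MgGraphRequest -Method GET -Uri "$Graph/sites/$($site.id)/permissions"
foreach ($entry in $list.value) {
    $detail = Invoke-MgGraphRequest -Method GET `
        -Uri "$Graph/sites/$($site.id)/permissions/$($entry.id)"
    foreach ($identity in $detail.grantedToIdentities) {
        $app = $identity.application
        if ($null -eq $app) { continue }
        $roles = @($detail.roles) -join ','
        $flag  = if ($app.id -eq $AppId -and $roles -ne 'read') { ' <-- broader than read' } else { '' }
        Write-Host ("{0}  {1}  roles={2}{3}" -f $app.id, $app.displayName, $roles, $flag)
    }
}

Disconnect-MgGraph | Out-Null
```

The grant is scoped to the one site only while Sites.Selected is the sole SharePoint permission consented on the app registration; a tenant-wide permission on the same app applies regardless of this grant.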

