Hi @Sourav,
As a SharePoint engineer, below is my suggestion:
- API Permissions in Entra:
  - You should use Sites.Selected permission instead of Sites.Read.All or Sites.ReadWrite.All. The Sites.Selected permission allows you to grant access to specific sites rather than all sites in the tenant.
- Delegated vs. Application Permissions:
  - For this scenario, you should use Application permissions. Application permissions are used when the app runs without a signed-in user, which is typical for background services like Power Automate or Azure Data Factory.
- Two methods:

Via Portal
- Add API Permissions:
  - Go to API permissions > Add a permission > Microsoft Graph > Application permissions.
  - Select Sites.Selected and click Add permissions.
  - Grant admin consent for the permissions.
- Grant Access to Specific SharePoint Site:
  - Navigate to the SharePoint site where you need to grant access.
  - Open the site with the URL format: https://[your_site_url]/_layouts/15/appinv.aspx.
  - Enter the Client ID (Service Principal ID) for your application and click Lookup.
  - Set the permissions in the AppInv page to grant the necessary access.

Via PowerShell
- Install SharePoint Online Management Shell:
  - Install the SharePoint Online Management Shell if you haven't already.
- Connect to SharePoint Online:

  ```powershell
  Connect-SPOService -Url https://[your-tenant]-admin.sharepoint.com
  ```

- Grant Access to the Service Principal:

  ```powershell
  $appId = "your-app-id"
  $siteUrl = "https://[your-site-url]"
  $permission = "Read"
  $app = Get-SPOAppPrincipal -Site $siteUrl -AppId $appId
  Set-SPOAppPrincipalPermission -Site $siteUrl -AppPrincipal $app -Scope Site -Right $permission
  ```

Reference:
Microsoft Graph Permissions Reference
Good day!
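
The per-site grant that Sites.Selected relies on can also be made through the Microsoft Graph site permissions endpoint. The following is an added example, not part of the original answer: the function name and parameters are hypothetical, and it assumes `$AccessToken` is a Graph token for an admin identity that is allowed to manage site permissions (for example Sites.FullControl.All). It grants only `read` by default and reads the grant back so the assigned role can be confirmed.

```powershell
# Added example (not from the original answer): grant one app a role on ONE site.
# Assumptions: the token, host name, site path and app ID are supplied by the caller.
function Grant-SelectedSiteAccess {
    param(
        [Parameter(Mandatory)] [string] $AccessToken,
        [Parameter(Mandatory)] [string] $HostName,        # e.g. contoso.sharepoint.com
        [Parameter(Mandatory)] [string] $SitePath,        # e.g. /sites/Finance
        [Parameter(Mandatory)] [string] $AppId,           # client ID of the app registration
        [Parameter(Mandatory)] [string] $AppDisplayName,
        [ValidateSet('read', 'write')] [string] $Role = 'read'   # least privilege by default
    )
    $graph   = 'https://graph.microsoft.com/v1.0'
    $headers = @{ Authorization = "Bearer $AccessToken" }

    # Resolve the site URL to its Graph site ID.
    $site = Invoke-RestMethod -Method Get -Headers $headers `
        -Uri "$graph/sites/${HostName}:$SitePath"

    # Body of the grant: one role, one application identity.
    $body = @{
        roles               = @($Role)
        grantedToIdentities = @(
            @{ application = @{ id = $AppId; displayName = $AppDisplayName } }
        )
    } | ConvertTo-Json -Depth 5

    $grant = Invoke-RestMethod -Method Post -Headers $headers `
        -ContentType 'application/json' -Body $body `
        -Uri "$graph/sites/$($site.id)/permissions"

    # Read the permission back so the role actually stored can be reviewed.
    $check = Invoke-RestMethod -Method Get -Headers $headers `
        -Uri "$graph/sites/$($site.id)/permissions/$($grant.id)"

    [pscustomobject]@{
        Site         = $site.webUrl
        PermissionId = $check.id
        Roles        = $check.roles -join ','
    }
}

# Usage (placeholder values):
# Grant-SelectedSiteAccess -AccessToken $token -HostName 'contoso.sharepoint.com' `
#     -SitePath '/sites/Finance' -AppId '<app-client-id>' -AppDisplayName 'ADF reader'
```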