I would like to know how to restrict sites using "Sites.Selected".

Ren Higashida 45 Reputation points
2024-11-14T05:22:46.6366667+00:00

Currently, we are using the Graph API of "Search Sites" to get a list of SharePoint sites.
https://learn.microsoft.com/ja-jp/graph/api/site-search?view=graph-rest-1.0&tabs=http

The documentation for "Search Sites" states,
"Note: This method does not support Sites.Selected application permissions."
So, it is recognized that "Search Sites" cannot restrict sites using "Sites.Selected" because it is stated that "Sites.

If it is the "List Sites" one, would it be affected?
https://learn.microsoft.com/ja-jp/graph/api/site-list?view=graph-rest-1.0&tabs=http

What Graph APIs are affected by the restriction of sites using "Sites.Selected"?

Also, I understand that "Sites.Selected" is an application type permission setting, but can it also be set as a delegation type permission setting?

Microsoft Graph
SharePoint Development

2 answers

  1. Ling Zhou_MSFT 18,560 Reputation points Microsoft Vendor
    2024-11-14T06:53:20.1133333+00:00

    Hi @Ren Higashida,

    Thank you for posting in this community.

    The Sites.Selected application permission is designed to restrict an application's access to specific site collections. However, it does not support listing all sites in the organization.

    Instead, the Sites.Read.All and Sites.ReadWrite.All application permissions are required.


    Yes, the Sites.Selected permission can now be set as a delegation type permission setting.

    Initially, the Sites.Selected scope was only available for application-only authentication scenarios. However, as of February 2024, SharePoint supports delegated Sites.Selected authentication. This means that you can now use the Sites.Selected permission in scenarios where an application is consented to the delegated scope, allowing the application to access specific site collections with the minimal intersection of application and user permissions.

    Reference: SharePoint now supports delegated Sites.Selected authentication.

    I also checked in my environment and did have Sites.Selected in delegated permissions.



    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Hitesh Pachipulusu - MSFT 3,310 Reputation points Microsoft Vendor
    2024-11-14T08:21:54.1766667+00:00

    Hello Ren Higashida,

    Thank you for reaching out to Microsoft Support!

    The "Search Sites" API does not support the "Sites.Selected" application permissions, meaning it cannot restrict sites using this permission.

    Regarding the "List Sites" API, it is affected by the "Sites.Selected" permission. This permission allows applications to access only specific sites that have been explicitly granted access.

    Delegated Permissions:

    "Sites.Selected" is primarily designed for application permissions, but it can also be used with delegated permissions. This means that a user can delegate access to specific sites to an application, allowing the application to perform actions on behalf of the user within those sites.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

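The following is an added example, not code from either answer or from Microsoft. It is a least-privilege check that reads an access token's `roles` claim (application permissions) and `scp` claim (delegated scopes) and reports whether the app is confined to Sites.Selected or still holds a tenant-wide Sites.*.All permission. The function names and the sample tokens are constructed for illustration, and the token signature is not verified, so this is for inspection only and not for authorization decisions.

```python
import base64
import json

# Graph permissions that reach every site collection in the tenant.
TENANT_WIDE = {"Sites.Read.All", "Sites.ReadWrite.All",
               "Sites.Manage.All", "Sites.FullControl.All"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT (hypothetical helper, demo only)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def site_access(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature and classify it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    roles = set(claims.get("roles", []))          # application permissions
    scopes = set(claims.get("scp", "").split())   # delegated scopes
    granted = roles | scopes
    broad = sorted(granted & TENANT_WIDE)
    if broad:
        reach = "tenant-wide"            # Sites.Selected adds no restriction here
    elif "Sites.Selected" in granted:
        reach = "selected-sites-only"
    else:
        reach = "no-site-permission"
    kind = "application" if roles else "delegated" if scopes else "none"
    return {"kind": kind, "reach": reach, "tenant_wide_permissions": broad}


if __name__ == "__main__":
    samples = {  # constructed claims, not real tokens
        "app, selected only": {"roles": ["Sites.Selected"]},
        "app, over-privileged": {"roles": ["Sites.Selected", "Sites.Read.All"]},
        "delegated, selected": {"scp": "User.Read Sites.Selected"},
    }
    for name, claims in samples.items():
        print(name, "->", site_access(make_sample_token(claims)))
```

An app that reports `tenant-wide` alongside Sites.Selected is not actually restricted to the granted sites, because the broader permission still applies.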
