Possible to limit SharePoint API/Graph API access to a specific SharePoint List?

Arvidsson, Alexander 0 Reputation points
2024-04-24T08:15:26.4133333+00:00

Hi,

Currently working on a project for a client where we need to develop an API that connects and syncs items to and from one of their SharePoint lists.

The client's concern is that our API will be able to access all contents on their SharePoint site. Is it possible to restrict our access to the Graph API in a way where we can only access that one SharePoint list and nothing else?

As the API we're connecting from is hosted outside their tenant, we're thinking of having the client create a multitenant application with delegated access on Microsoft Entra ID and then connect through OAuth to the API.

I've never really worked with Microsoft Entra ID before, but would it be possible to enable some kind of limited access for the delegated user?

Thank you!

Alexander Arvidsson


1 answer

  1. RaytheonXie_MSFT 31,606 Reputation points Microsoft Vendor
    2024-04-25T01:58:06.05+00:00

    Hi @Arvidsson, Alexander,

    I would recommend that you use the Sites.Selected permission to meet your requirement. As with other delegated scopes, the minimal intersection of application and user permissions is used, increasing the ability of admins to control application access to specific site collections and require user presence/access. Here are some documents for your reference:

    https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins-modernize/understanding-rsc-for-msgraph-and-sharepoint-online

    https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/develop-applications-that-use-sites-selected-permissions-for-spo/ba-p/3790476


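An added example (not part of the answer above and not Microsoft's code): a Python sketch of two checks the client's admin can run when using Sites.Selected, building the Graph request that grants the app access to one site collection and inspecting a token's `scp`/`roles` claims for tenant-wide `Sites.*` permissions. The site ID, app ID, app name and tokens are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# Graph permissions that reach every site in the tenant (what the client wants to avoid).
BROAD = {"Sites.Read.All", "Sites.ReadWrite.All", "Sites.Manage.All", "Sites.FullControl.All"}

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT validated here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted_permissions(claims):
    """Delegated tokens carry a space-separated 'scp'; app-only tokens carry a 'roles' list."""
    return set(claims.get("scp", "").split()) | set(claims.get("roles", []))

def audit_token(token):
    """Report whether the token is limited to Sites.Selected for SharePoint access."""
    perms = granted_permissions(jwt_claims(token))
    return {
        "permissions": sorted(perms),
        "broad": sorted(perms & BROAD),
        "site_scoped_only": "Sites.Selected" in perms and not perms & BROAD,
    }

def site_grant_request(site_id, app_id, app_name, role="write"):
    """Build the Graph 'create permission' call that grants the app one site collection."""
    if role not in {"read", "write"}:
        raise ValueError("this sketch only builds read or write grants")
    return {
        "method": "POST",
        "url": f"https://graph.microsoft.com/v1.0/sites/{site_id}/permissions",
        "json": {
            "roles": [role],
            "grantedToIdentities": [{"application": {"id": app_id, "displayName": app_name}}],
        },
    }

def _sample_token(claims):
    """Constructed, unsigned token used only to exercise audit_token offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

GOOD = _sample_token({"scp": "Sites.Selected User.Read"})
BAD = _sample_token({"scp": "Sites.Selected Sites.ReadWrite.All"})

if __name__ == "__main__":
    print(audit_token(GOOD))
    print(audit_token(BAD))
    print(json.dumps(site_grant_request("<site-id>", "<app-client-id>", "sync-api"), indent=2))
```

The grant applies to a site collection, as the answer states, so a list that needs isolation from other content would have to sit in a site that holds nothing else the app should not see.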