How to allow my app without user to access ONLY specific drive or folder

清水明士 51

Dear community,

I'm creating an app using Microsoft Graph to upload/download files from/to OneDrive/SharePoint.
This app is a type of demon, without users, which is triggered by other app or process in auto.

The app is given Files.ReadWrite.All permission which requires Admin Consent.
This Files.ReadWrite.All permission is too strong to use in my case.

How do we restrict the app to access only specific drives or folders of OneDrive/SharePoint?

Accepted answer

Vasil Michev 95,666 Reputation points MVP

2021-12-23T07:24:05.353+00:00

You cannot restrict it to specific files only, but you can restrict which Site collections (drives) can be accessed as detailed here: https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/
Or consider using the delegate permissions model instead.
Please sign in to rate this answer.
清水明士 51 Reputation points

2021-12-24T00:06:54.787+00:00

That's what I want to know. Thank you, michev.

Zehui Yao_MSFT 5,831 Reputation points

2021-12-28T03:09:24.287+00:00

Hello, @清水明士 , If michev's answer helps you, please remember to accept it as answer, which helps others who meet a similar issue to find the correct answer quickly in the future.

清水明士 51 Reputation points

2022-01-05T04:04:42.003+00:00

please remember to accept it as answer

Thank you for letting me know it, ZehuiYaoMSFT-715. I did it.

Iyanuloluwa Osuolale 1 Reputation point

2022-01-07T05:42:42+00:00

This does not give me access to the drive, would I need to give the app the file.readwrite.all permission too?

Deepak Aggarwal 1 Reputation point

2022-05-17T12:26:24.283+00:00

In delegate permission model, all files of the user used for login will be still be accessible or can the access be restricted to a particular folder in onedrive?
Sign in to comment

How to allow my app without user to access ONLY specific drive or folder

0 additional answers