Restrict Azure Application to have access only to one specific SharePoint List

Viktor Meglenovski 5 Reputation points
2024-07-02T13:20:31.4233333+00:00

Hello,

I am trying to restrict the access of an Azure Application to one specific SharePoint list from one specific SharePoint site.

I have an Azure Application which has Application permissions for Sites.Selected and the new Lists.SelectedOperations.Selected permission.

Then I followed the instructions provided here:

https://learn.microsoft.com/en-us/graph/permissions-selected-overview?tabs=http

I sent the following request with an authentication token retrieved with the CLIENT_ID, TENANT_ID and CLIENT_SECRET from the Azure App.

POST https://graph.microsoft.com/beta/sites/{siteId}/lists/{listId}/permissions
Content-Type: application/json

{
  "roles": ["read"],
  "grantedTo": {
    "application": {
      "id": "{appId}"
     }
  }
}

This request returns status code 201 and says that the permission is created, but when I check using

GET https://graph.microsoft.com/beta/sites/{siteId}/lists/{listId}/permissions

the new permission is not saved there. Moreover, even though I have the Lists.SelectedOperations.Selected permission, I have access to all the lists in specific Site.

I am not sure whether there is something that I am doing wrong, or I am missing some steps in the process.

Any help is appreciated.

Thank you!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,289 questions
{count} vote

1 answer

Sort by: Most helpful
  1. Vasil Michev 108.2K Reputation points MVP
    2024-07-02T16:00:44.63+00:00

    Afaik Microsoft is still in the process of rolling out this functionality, so not everything works currently. Wait for the official announcement/blog post.

    2 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.