Share via

Granting SharePoint List Level Permissions to an Application Using Graph Explorer

Dan Nemeth 20 Reputation points
2025-03-25T00:19:56.86+00:00

Using Graph Explorer, access to a SharePoint site can be granted to an application, and list permissions can be retrieved. However, granting permissions at the list level does not seem to work. The documentation here indicates that the appropriate API call is POST /sites/{siteid}/lists/{listid}/permissions with a specific role. While the "permissions" command appears in intellisense in beta, attempts to use it are unsuccessful.

Using the grantedTo or grantedToV2 properties yields the error: "Property grantedToV2 in payload has a value that does not match schema." Conversely, using grantedToIdentities produces an "invalid request" message. The GET requests function without issues, and POST requests at the site level with /sites/{siteid}/permissions and the grantedToIdentities property are successful.

The app registration has been configured with Sites.FullControl.All and Lists.SelectedOperations.Selected permissions with admin consent.

There is a suspicion that the documentation might be incorrect regarding this functionality.

Additionally, is there an alternative method to grant list-level permissions to an application without resorting to the deprecated “/_layouts/15/appregnew.aspx” method?

Thanks,
Dan

Microsoft Security | Microsoft Graph
0 comments
Answer accepted by question author
  1. Rajat Vashistha-MSFT 1,780 Reputation points Microsoft External Staff
    2025-03-25T08:32:35.7633333+00:00

    Hi Dan Nemeth,

    Thanks for reaching out to Microsoft!

    I would like to inform you that assigning SharePoint site permissions at the list level is currently in the rollout phase. While you may be able to run the command successfully using the beta version, it is known that it may not assign the required permissions as expected. This behavior is being addressed.

    In the meantime, I recommend waiting until the feature is rolled out globally. Until then, you can utilize the "Sites.Selected" permission, which manages application access at the site collection level and provides access to a specific site collection.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.