This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 51%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
Hello,
I am trying to restrict the access of an Azure Application to one specific SharePoint list from one specific SharePoint site.
I have an Azure Application which has Application permissions for Sites.Selected and the new Lists.SelectedOperations.Selected permission.
Then I followed the instructions provided here:
https://learn.microsoft.com/en-us/graph/permissions-selected-overview?tabs=http
I sent the following request with an authentication token retrieved with the CLIENT_ID, TENANT_ID and CLIENT_SECRET from the Azure App.
POST https://graph.microsoft.com/beta/sites/{siteId}/lists/{listId}/permissions
Content-Type: application/json
{
"roles": ["read"],
"grantedTo": {
"application": {
"id": "{appId}"
}
}
}
This request returns status code 201 and says that the permission is created, but when I check using
GET https://graph.microsoft.com/beta/sites/{siteId}/lists/{listId}/permissions
the new permission is not saved there. Moreover, even though I have the Lists.SelectedOperations.Selected permission, I have access to all the lists in specific Site.
I am not sure whether there is something that I am doing wrong, or I am missing some steps in the process.
Any help is appreciated.
Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 65%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi @Viktor Meglenovski,
This issue has idled for a long time, If the below answer by @Vasil Michev is helpful to this question, it would be appreciated if you can accept it as an answer so that others who stuck in similar issues could get answered quickly.
Thanks:)
Thank you for the updates. I have some progress thanks to @Vasil Michev but I still have some issues that I have left as a comment on the answer below.
Thank you!
Afaik Microsoft is still in the process of rolling out this functionality, so not everything works currently. Wait for the official announcement/blog post.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Hi and thank you for your reply. Do we have any date on which it is expected this feature to be up and running?
Actually, seems to be working already, at least for my tenants. I can add the /permissions entry and fetch it back just fine. I've also confirmed that I do get access to the item(s) in question. You should try again.
How's going today?
Do you have further concerns regarding this issue? Please feel free to talk with us if you have other questions. If the above info is helpful to this question, you can accept it as Answer.
Thanks.
Hello, thank you for the updates.
I can confirm that the permission is now added to the list of permissions. However, I still have access to all lists within the site. I assume that this is due to the fact that I have Sites.Selected permission? I have noticed that in order to create the permission using
POST https://graph.microsoft.com/beta/sites/{siteId}/lists/{listId}/permissions
The app needs to have permission to access the site. After I have created the List.Selected permission, I removed the Sites.Selected permission but after that the app doesn't have access to any list within the site.
Thank you!