To provide granular access to specific folders in SharePoint for a Service Principal (application) without giving it access to the entire SharePoint site, follow these steps:
- Create the Service Principal and Add SharePoint API Permissions:
  - In Azure Active Directory (Entra ID), register your application (if not done already).
  - Go to API Permissions for the app and add SharePoint permissions. Choose the appropriate level of permission, such as Sites.Selected for limited access to specific sites and folders.
  - Grant admin consent for the API permissions if required.
- Grant Limited Access to the SharePoint Site:
  - Navigate to the SharePoint site where you need to give access.
  - Open the site with the URL format: https://[your_site_url]/_layouts/15/appinv.aspx
  - Enter the Client ID (Service Principal ID) for your application.
  - Click "Lookup," and SharePoint will populate the app details.
- Set Permissions in AppInv Page:
  - In the "Permission Request XML" field, specify granular access to a specific folder.
  - The following XML can be used to define read or write access to specific folders. For example:

        <AppPermissionRequests AllowAppOnlyPolicy="true">
          <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
          <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list/folder" Right="Write" />
        </AppPermissionRequests>

  - Replace sitecollection/web/list/folder with the appropriate path to the folder you want to grant access to.
- Use the Microsoft Graph API or SharePoint API for Granular Access:
  - Once the permissions are configured, you can use the Microsoft Graph API or SharePoint REST API in Azure Data Factory to access only the folders the Service Principal has access to.
  - To limit the scope to specific folders, you can use the Sites.Selected permission and then assign permissions to the Service Principal via the SharePoint Online PowerShell or the Microsoft Graph API.
- Configure Azure Data Factory for Folder-Specific Access:
  - When configuring ADF's connection to SharePoint, ensure the Service Principal is using only the permissions granted to specific folders.
  - Use the correct folder path in your ADF activities to interact with the desired content.
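As an added example (not part of the original answer), the Python below builds the Microsoft Graph request body that grants a Sites.Selected application access to one site, refusing site-wide privileged roles unless explicitly allowed, and audits an existing permissions listing for grants that exceed what the data-factory principal should hold. The application IDs and the sample listing are constructed placeholders; the endpoint is the real Graph site-permissions endpoint.

```python
# Real Graph endpoint for site permissions; {site_id} is filled in by the caller.
GRAPH_SITE_PERMISSIONS = "https://graph.microsoft.com/v1.0/sites/{site_id}/permissions"
KNOWN_ROLES = {"read", "write", "manage", "fullcontrol", "owner"}
PRIVILEGED_ROLES = {"manage", "fullcontrol", "owner"}


def build_site_permission_grant(app_id, display_name, roles, allow_privileged=False):
    """Return (url_template, body) for POST /sites/{site_id}/permissions, the per-site
    grant a Sites.Selected app needs. Unknown roles are rejected; site-wide privileged
    roles pass only when the caller opts in explicitly."""
    roles = [r.lower() for r in roles]
    unknown = set(roles) - KNOWN_ROLES
    if unknown:
        raise ValueError(f"unknown site permission roles: {sorted(unknown)}")
    if not allow_privileged and PRIVILEGED_ROLES & set(roles):
        raise ValueError("privileged roles require allow_privileged=True")
    body = {
        "roles": roles,
        "grantedToIdentities": [{"application": {"id": app_id, "displayName": display_name}}],
    }
    return GRAPH_SITE_PERMISSIONS, body


def audit_site_permissions(listing, expected_app_id, max_roles=("read",)):
    """Flag application grants in a GET /sites/{site_id}/permissions response that
    belong to an unexpected app or carry more roles than max_roles."""
    findings = []
    for perm in listing.get("value", []):
        for ident in perm.get("grantedToIdentities", []):
            app = ident.get("application")
            if not app:
                continue  # user or group grants are out of scope here
            excess = {r.lower() for r in perm.get("roles", [])} - set(max_roles)
            if app["id"] != expected_app_id:
                findings.append((perm["id"], app["id"], "unexpected application"))
            elif excess:
                findings.append((perm["id"], app["id"], f"excess roles: {sorted(excess)}"))
    return findings


# Constructed sample listing with placeholder IDs (not real tenant data).
ADF_APP_ID = "00000000-0000-0000-0000-00000000aaaa"
SAMPLE_LISTING = {"value": [
    {"id": "perm-1", "roles": ["read"],
     "grantedToIdentities": [{"application": {"id": ADF_APP_ID, "displayName": "adf-loader"}}]},
    {"id": "perm-2", "roles": ["fullcontrol"],
     "grantedToIdentities": [{"application": {"id": "00000000-0000-0000-0000-00000000bbbb",
                                              "displayName": "legacy-app"}}]},
]}
```

Run the audit against the live listing after the grant to confirm the principal holds only the roles you intended and that no other application has been granted access to the same site.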