Site authorization

TCA 20 Reputation points
2025-06-16T08:14:16.3766667+00:00

Is there any way to use the Graph API to give authorization to operate on a specific site instead of all sites on the same tenant?

Microsoft 365 and Office SharePoint Development

Accepted answer
  1. Steven-N 1,995 Reputation points Microsoft External Staff Moderator
    2025-06-16T10:49:06.2133333+00:00

    Hi TCA

    Thanks for reaching out to Microsoft Q&A forum support 

    Based on your description, I understand that you want to find a way to use the Graph API to give authorization to operate on a specific site instead of all sites. I have done some research and found information that may help you.

    Step 1: Granting the Sites.Selected permission to the Graph application via Entra ID

    • Go to the Microsoft Entra admin center  
    • In the left-hand navigation, select "Applications" and then "App registrations"
    • Select your application (the one you're building or configuring to interact with SharePoint). 
    • In the left-hand menu for your application, click on "API permissions"
    • On the "API permissions" page, click "Add a permission"
    • Select "Microsoft Graph" from the list of APIs. 
    • Under the "Delegated permissions" or "Application permissions" (depending on your app type and scenario), search for "Sites"
    • You will then see options like Sites.FullControl.All, Sites.Manage.All, Sites.Read.All, and Sites.Selected. You would check the box next to Sites.Selected and then add the permissions. 

    Step 2: Based on this article, you can use this endpoint to create a new permission object on a site.

    POST https://graph.microsoft.com/v1.0/sites/{sitesId}/permissions
    Content-Type: application/json

    {
      "roles": ["write"],
      "grantedToIdentities": [{
        "application": {
          "id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
          "displayName": "Contoso Time Manager App"
        }
      }]
    }
    

    I've been using the Microsoft Graph API to give authorization to operate on a specific site instead of all sites on the same tenant. Due to limitations in accessibility and resources, the tests I've conducted were in a somewhat limited environment. Because of this, the results might not perfectly reflect your concern. So beyond continuing to explore these methods and finding more insight into this problem, you can check the link: Limiting access to SharePoint Online resources via the Graph API - Blog

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link 

    Hope you will solve the problem soon 


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".    

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 
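An added example, not part of the original answer and not Microsoft's code: after switching an app to Sites.Selected, a quick check that its access token no longer carries any tenant-wide Sites.*.All permission. The sample tokens and the zeroed `appid` value are constructed for illustration, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt: str) -> dict:
    """Decode a compact JWT payload for inspection (signature NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def audit_sites_permissions(jwt: str) -> dict:
    """Report which Sites.* permissions a Graph access token carries."""
    claims = token_claims(jwt)
    # App-only tokens list permissions in "roles" (array);
    # delegated tokens use a space-separated "scp" string.
    granted = set(claims.get("roles", [])) | set(claims.get("scp", "").split())
    sites = {p for p in granted if p.startswith("Sites.")}
    tenant_wide = sorted(p for p in sites if p.endswith(".All"))
    return {
        "sites_permissions": sorted(sites),
        "tenant_wide": tenant_wide,
        # True only when Sites.Selected is the sole SharePoint site permission.
        "scoped_only": "Sites.Selected" in sites and not tenant_wide,
    }


def _sample_token(claims: dict) -> str:
    # Builds an unsigned, constructed token so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


APP_ID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
SCOPED = _sample_token({"appid": APP_ID, "roles": ["Sites.Selected"]})
LEFTOVER = _sample_token(
    {"appid": APP_ID, "roles": ["Sites.Selected", "Sites.FullControl.All"]})

if __name__ == "__main__":
    for name, tok in (("scoped", SCOPED), ("leftover", LEFTOVER)):
        print(name, audit_sites_permissions(tok))
```

A token that still reports a `tenant_wide` entry means the older Sites.*.All permission was left on the app registration alongside Sites.Selected, so the per-site grant from Step 2 is not actually limiting access.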

