Hi @Giridharan Sriram ,
For application permission, the effective permissions of your app will be the full level of privileges implied by the permission. As long as the app has permission, the user would have permission no matter if he has the permission or not.
For delegated permissions, the effective permissions of your app will be the intersection of the delegated permissions the app has been granted (via consent) and the privileges of the currently signed-in user. So it needs both the user and app has permission to the file. If one of them doesn't have permission, the user would not have access.
For graph api delegated and application permissions, the details are in this article: https://learn.microsoft.com/en-us/graph/auth/auth-concepts#microsoft-graph-permissions.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.