MS Graph cannot send sharing invite with Sites.Selected permission

Question

I have an application that has been granted the Sites.Selected permission and given write access to a specific sharepoint site.

I can successfully access the site via the Graph API, create folders, files, download files etc. However the application needs to grant specific users in our organisation access to various folders it creates, I am trying to use this call - https://learn.microsoft.com/en-us/graph/api/driveitem-invite?view=graph-rest-1.0&tabs=csharp but am getting an 'accessDenied' error.

I have tested using Sites.ReadWrite.All permission and the call works and grants the sharing correctly, however our administrator doesn't want to grant this as it then lets our application access all sites.

Should this work correctly? Is there another way to let the application manage access without granting it access to all sharepoint sites?

Thanks

Answer 1

Hi, dear @Emma

According to my test, it is currently not possible to use Sites.Selected permission to send sharing invitations. But my idea is the same as you. If only sharing invitations for specific sites, Sites.Selected permissions should be sufficient, because this is more in line with fine-grained control and access. It is definitely not a good idea to grant access to all sites just for sharing invitations for one site.

So I suggest you submit a user voice to add support for Sites.Selected permissions, and I will vote for you.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.