How to allow my app without user to access ONLY specific drive or folder

清水 明士 56 Reputation points
2021-12-23T00:02:37.997+00:00

Dear community,

I'm creating an app using Microsoft Graph to upload/download files from/to OneDrive/SharePoint.
This app is a type of daemon, without users, which is triggered automatically by another app or process.

The app is given Files.ReadWrite.All permission which requires Admin Consent.
This Files.ReadWrite.All permission is too strong to use in my case.

How do we restrict the app to access only specific drives or folders of OneDrive/SharePoint?


Accepted answer
  1. Vasil Michev 109.5K Reputation points MVP
    2021-12-23T07:24:05.353+00:00

    You cannot restrict it to specific files only, but you can restrict which Site collections (drives) can be accessed as detailed here: https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/
    Or consider using the delegate permissions model instead.
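
The per-site restriction in the accepted answer, as an added example that is not part of the original answer: it builds the Microsoft Graph request an admin sends to grant one app access to one site collection under the `Sites.Selected` application permission, and audits the `roles` claim of the daemon's app-only token for tenant-wide permissions left behind. The site ID, app ID and tokens are constructed placeholders, the helper names are hypothetical, and only the `read` and `write` roles are handled.

```python
import base64
import json

GRAPH = "https://graph.microsoft.com/v1.0"
# Tenant-wide application permissions that defeat per-site scoping.
BROAD_ROLES = {"Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All",
               "Sites.ReadWrite.All", "Sites.Manage.All", "Sites.FullControl.All"}


def build_site_grant(site_id, app_id, app_name, role="write"):
    """Method, URL and JSON body granting one app access to one site collection."""
    if role not in ("read", "write"):
        raise ValueError("role must be 'read' or 'write'")
    body = {"roles": [role],
            "grantedToIdentities": [
                {"application": {"id": app_id, "displayName": app_name}}]}
    return "POST", f"{GRAPH}/sites/{site_id}/permissions", body


def token_roles(jwt):
    """Read the 'roles' claim of an app-only token (audit only, no signature check)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))


def audit_token(jwt):
    """Return (ok, broad): ok only if Sites.Selected is present and no broad role is."""
    roles = token_roles(jwt)
    broad = sorted(roles & BROAD_ROLES)
    return ("Sites.Selected" in roles and not broad), broad


def sample_token(roles):
    """Constructed, unsigned token used only to exercise audit_token offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'roles': roles})}.sig"


if __name__ == "__main__":
    # Constructed placeholders, not real tenant values.
    method, url, body = build_site_grant(
        "contoso.sharepoint.com,SITE-COLLECTION-GUID,WEB-GUID",
        "00000000-0000-0000-0000-000000000000", "upload-daemon")
    print(method, url)
    print(json.dumps(body, indent=2))
    for roles in (["Files.ReadWrite.All"], ["Sites.Selected"]):
        print(roles, "->", audit_token(sample_token(roles)))
```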

