Share via

Getting "Access Denied" after having the correct permissions assigned. Graph API

Shuzmm 21 Reputation points
2022-01-23T22:07:22.337+00:00

I'm trying to use the Graph API to access SharePoint items, by running the sample query "Search for Site By Name".

Which requires the permissions Site.Read.All and Sites.ReadWrite.All. As specified in the MS Doc below:
site-search

And these permissions have been granted.
167595-screenshot-2.png

However when I try to run this, it gives me the "Access Denied" response
167594-screenshot-1.png

I cannot think of any other reasons why it wouldn't work.
Any ideas would be greatly appreciated

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,271 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
3,044 questions
Accepted answer
  1. Zehui Yao_MSFT 5,866 Reputation points
    2022-01-24T07:09:55.33+00:00

    Hi @Shuzmm , You should add permissions to Microsoft Graph not SharePoint. Here are the correct steps
    167619-image.png
    167724-image.png

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JanardhanaVedham-MSFT 3,546 Reputation points
    2022-01-24T05:11:54.053+00:00

    Hi @Shuzmm ,

    Thanks for your clarification in the comments section. You can consider using OAuth 2.0 client credentials grant flow to acquire the application access token. As mentioned in this documentation, In the OAuth 2.0 client credentials grant flow, you use the Application ID and Application Secret values that you saved when you registered your app to request an access token directly from the Microsoft identity platform /token endpoint.

    The value passed for the scope parameter in this request should be the resource identifier (Application ID URI) of the resource you want, affixed with the .default suffix. For Microsoft Graph, the value is https://graph.microsoft.com/.default. This value informs the Microsoft identity platform endpoint that of all the application permissions you have configured for your app in the app registration portal, it should issue a token for the ones associated with the resource you want to use.

    167614-image.png

    You can also consider using Postman API tool for API endpoint testing such as getting the application access token and runing the various microsoft API queries.

    Please refer this documentation for more information on this :

    https://learn.microsoft.com/en-us/graph/auth-v2-service?view=graph-rest-1.0
    https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow

    Hope this helps.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it ,so that it will be helpful to the other community users. If you have any further questions about this answer, please click "Comment".

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.