Allow application to have access to specific one drive folder only

Question

I need API which can upload file to specific user's specific folder path and share link. I found documentation https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_createlink?view=odsp-graph-online which requires Files.ReadWrite.All, Sites.ReadWrite.All permission for application type.

This permission( Files.ReadWrite.All, Sites.ReadWrite.All) is global scope like once approved, then application can have access to any user's any data which can be security concern.

I found https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/ where we can have specific site permission but this only allows to restrict specific user wise. I don't find any option where specific one-drive folder of specific user site is configured.

Basically I want to know do we have any API or configurations which can help to achieve need where only specific folder of specific user is allowed for OneDrive REST API.

Answer 1

Hi anonymous user-4624,

You cannot restrict to specific drive folder, but you can restrict to specific Site collections using Sites.Selected, as suggested: https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/

Alternatively delegated permissions will restrict access on sites/drives user have access to that you can use.

Hope this helps.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".