This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 45%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
I need
privileges with admin consent for my application (running as a scheduled background service) to be able to access (read) files stored on SharePoint and OneDrive
The application works perfectly (with the latest MsGraph API), but in production running at a larger organization, we'd like to limit it's privileges scope to only access certain users' SharePoint and OneDrive storages, similarly to limiting access
How can it be configured?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 8%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Tom Magyar ,
Please refer to this related post.
Hope this helps.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".
Hi @Sheena-MSFT ,
Unfortunately post you've linked doesn't solve my problem, however it raises almost the same question, so at least I know I'm not the only one who would need this.
As stated in my original post, I was already aware of limiting the access to specific SharePoint sites, but I need something similar for limiting to specific (e.g. members of a user group) OneDrive roots (or folders, but in my case that's not a hard criteria).
Thank you for the attempt anyway, but I'm still looking forward for the proper solution.
Cheers,
Tom
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 0%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZY%3C/text%3E%3C/svg%3E)
Hi @Tom Magyar Since Graph does not specify any functions that can be accessed by special users, I think the only thing that can be done is to set it on the sharepoint or onedrive side. The following are the relevant setting reference documents I found, I hope this can help you.
Limit OneDrive access by security group: https://learn.microsoft.com/en-us/onedrive/limit-access
Block access to SharePoint for specific users: https://learn.microsoft.com/en-us/microsoftteams/block-access-sharepoint
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Tom Magyar , is the method provided above useful to you?