question

JohnHobbs-9775 avatar image
0 Votes"
JohnHobbs-9775 asked MichaelHan-MSFT commented

Issue accessing site via Graph via sites.selected permission

I have created an Azure app registration and granted SharePoint Sites.Selected access. I have granted access to a site via graph API for the application. I am unable to connect to the site or any files under the site via the application graph connection POST below. I have also done a GET permissions to confirm they are applied.

POST https://graph.microsoft.com/v1.0/sites/SiteName/permissions { "roles": [ "write" ], "grantedToIdentities": [ { "application": { "id": "4a0f379e-5a5f-490f-9703-51e5d5d8d73d", "displayName": "LV" } } ] }

Still unable to connect to GET the site GET https://graph.microsoft.com/v1.0/sites/tenant.sharepoint.com:/sites/SiteName
Error: { "error": { "code": "accessDenied", "message": "Access denied", "innerError": { "date": "2021-07-20T18:24:18", "request-id": "7673c6bb-9245-4a33-9c56-febb495b1a47", "client-request-id": "7673c6bb-9245-4a33-9c56-febb495b1a47" } } }

office-sharepoint-onlinesharepoint-dev
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JohnHobbs-9775 avatar image
0 Votes"
JohnHobbs-9775 answered MichaelHan-MSFT commented

I granted the site permissions via PowerShell via this article: https://ashiqf.com/2021/03/15/how-to-use-microsoft-graph-sharepoint-sites-selected-application-permission-in-a-azure-ad-application-for-more-granular-control/


I found that
GET https://graph.microsoft.com/v1.0/sites/SiteName/drives
returns accessDenied
What I had to do was:
GET https://graph.microsoft.com/v1.0/sites/tenant.sharepoint.com:/sites/SiteName
This returned the info about the site, then using ID from the last step I was able to connect:
GET https://graph.microsoft.com/v1.0/sites/tenant.sharepoint.com,xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx,xxxxxxxxx-xxxx-x-xxxx-xxxx/drives
I also confirmed I am only able to access the site with the site permissions added.

Thanks, this can be closed out.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@JohnHobbs-9775,

Glad that you solved this issue. Thanks for your sharing. You could accept your answer to close this thread :)

0 Votes 0 ·
MichaelHan-MSFT avatar image
0 Votes"
MichaelHan-MSFT answered MichaelHan-MSFT commented

Hi @JohnHobbs-9775,

Per my test, I could not reproduce this issue on my end. App with sites.selected permission can access the site normally.

You could try to use site-id instead in the request: https://graph.microsoft.com/v1.0/sites/{sitesId} . Then check the result.

If it doesn't work, you could use https://jwt.ms/ to decode the access token.



If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@JohnHobbs-9775,
Is there anything update? Have you got this issue resolved?

0 Votes 0 ·
JohnHobbs-9775 avatar image
0 Votes"
JohnHobbs-9775 answered MichaelHan-MSFT commented

Not yet, is there official documentation I can look at to retry the setup?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.