question

ColemanMark-3307 avatar image
0 Votes"
ColemanMark-3307 asked ColemanMark-3307 commented

MSgraph (Site.read.all) access to SharePoint list data prevented by permissions set on the sharepoint site

We have an application that has site.read.all access.
Is this permission overruled by actual permissions to the sharepoint list set in SharePoint?

I ask as we seem only able to call the list details when the logged in user (via AD SSO) has been given permissions to read the list data.
Is this the case? or are we making an error in our MS graph call?


office-sharepoint-onlinemicrosoft-graph-sdk
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

michev avatar image
0 Votes"
michev answered ColemanMark-3307 commented

If you are running in the context of a user (delegate permissions), the resulting permissions are always the subset of permissions granted to your app and those the user has. In other words, you will never be able to leverage "higher" permission that what the user has. If you are running in the application permission model, there is no user and thus you get unrestricted access (whatever the permissions allow, Sites.Read.All will allow all read operations).

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

thanks - that's pretty clear !
its really difficult to find this kind of info in the microsoft documentation.

0 Votes 0 ·