We have an application that has site.read.all access.
Is this permission overruled by actual permissions to the sharepoint list set in SharePoint?
I ask as we seem only able to call the list details when the logged in user (via AD SSO) has been given permissions to read the list data.
Is this the case? or are we making an error in our MS graph call?