MSgraph (Site.read.all) access to SharePoint list data prevented by permissions set on the SharePoint site

Coleman, Mark 21 Reputation points
2021-10-04T14:38:21.423+00:00

We have an application that has site.read.all access.
Is this permission overruled by actual permissions to the SharePoint list set in SharePoint?

I ask as we seem only able to call the list details when the logged-in user (via AD SSO) has been given permissions to read the list data.
Is this the case, or are we making an error in our MS Graph call?


Accepted answer
  1. Vasil Michev 96,161 Reputation points MVP
    2021-10-04T16:10:16.883+00:00

    If you are running in the context of a user (delegate permissions), the resulting permissions are always the subset of permissions granted to your app and those the user has. In other words, you will never be able to leverage "higher" permissions than what the user has. If you are running in the application permission model, there is no user and thus you get unrestricted access (whatever the permissions allow, Sites.Read.All will allow all read operations).
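
To tell which of the two models a given call is using, inspect the access token sent to Graph. The following is an added example, not part of the answer above: it assumes the Microsoft identity platform convention that delegated permissions appear in the `scp` claim and application permissions in the `roles` claim; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

def decode_claims(token):
    """Return the JWT payload as a dict (diagnostic only: signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify(token, needed="Sites.Read.All"):
    """Report which permission model the token uses and whether it carries `needed`."""
    claims = decode_claims(token)
    scopes = claims.get("scp", "").split()  # delegated: space-separated string
    roles = claims.get("roles", [])         # application: list of app roles
    if scopes:
        mode, held = "delegated", scopes
    elif roles:
        mode, held = "application", roles
    else:
        mode, held = "unknown", []
    return {
        "mode": mode,
        "has_permission": needed.lower() in (p.lower() for p in held),
        # Only a delegated token is additionally limited by the user's own
        # access to the SharePoint list, as the answer above describes.
        "user_access_applies": mode == "delegated",
    }

def make_sample_token(payload):
    """Build an unsigned, constructed token for the demo below (not a real token)."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(payload)}.constructed"

# Constructed sample payloads; values are placeholders.
DELEGATED_TOKEN = make_sample_token(
    {"aud": "https://graph.microsoft.com", "scp": "User.Read Sites.Read.All"})
APP_TOKEN = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["Sites.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED_TOKEN), ("app-only", APP_TOKEN)):
        print(name, classify(tok))
```

A result of `delegated` with `has_permission` true matches the behaviour in the question: the app holds the scope, but each call is still bounded by what the signed-in user can read.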

