Sites.Selected | Graph API SharePoint Permission

-

 


SharePoint Site Collection Permission

 

The "sites.selected" permission in Microsoft Graph API allows you to grant an application access to specific SharePoint sites instead of all SharePoint sites in the tenant.

 

Step1:

To  Configure "Sites.Selected" Permission in Azure App Registration

To use "sites.selected", you need to:

  1. Register an App in Azure AD.
  2. Grant "Sites.Selected" Permission to the app.
  3. Manually Grant Access to the specific SharePoint site.
  4. Use Microsoft Graph API or PowerShell to assign the required role (Read/Write).

 

Step 1: Register an App in Azure AD

  1. Go to Azure PortalAzure Active DirectoryApp Registrations.
  2. Click New registration.
  3. Provide a name (e.g., SharePointAccessApp).
  4. Choose Accounts in this organizational directory only.
  5. Click Register.

Step 2: Add "Sites.Selected" API Permission

  1. Navigate to API Permissions in the newly registered app.
  2. Click Add a permissionMicrosoft Graph.
  3. Select Application Permissions.
  4. Search for "Sites.Selected" and add it.
  5. Click Grant admin consent for your organization.

🚨 Note: Unlike "Sites.FullControl.All", the "Sites.Selected" permission does not automatically grant access. You need to assign site-specific permissions manually.

Step 3: Grant App Access to a Specific SharePoint Site

Now, you need to manually assign the app permission to a specific SharePoint site using Graph API.

Get SharePoint Site ID

Run the following API call to get the Site ID:

Example

https://qnsq.sharepoint.com/sites/OHSDeloitte/_api/site/id

 



 

Copy the Site ID from the response.

Assign Site Permission

Use this API call to grant permission to the registered App:

Postman

POST https://graph.microsoft.com/v1.0/sites/{site-id}/permissions

Authorization: Bearer {access-token}

Content-Type: application/json

 

Request:

{

  "roles": ["Read"],

  "grantedToIdentities": [{

    "application": {

      "id": "0c6e18db-2273-4db5-9710-a9c21d4e09a6",   //{app-id}

      "displayName": "SenthilAPP1Client"    //"Your App Name"

    }

  }]

}

 

🔹 Roles Available:

  • "read" → Read-only access
  • "write" → Read and Write access

 

Or Using Graph API Explorer:

 

1.       Login to graph explorer as administrator.

URL: https://developer.microsoft.com/en-us/graph/graph-explorer

 



2.       Assing permission to logged in user as full control.

Go to modify permission tab

Select the “Sites.Fullcontrol.All”



Revoke permission:



Revoke Permission Using Microsoft Graph API

Step 1: List Permissions on the Site

You need to get the permission ID before you can revoke it.

API Request to List Permissions

GET https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
Authorization: Bearer {access-token}
 

Response Example:

{
  "value": [
    {
      "id": "permission-id-1234",
      "roles": ["read"],
      "grantedToIdentities": [
        {
          "application": {
            "id": "{app-id}",
            "displayName": "Your App Name"
          }
        }
      ]
    }
  ]
}


 

Note the id of the permission you want to revoke (in this case, permission-id-1234).

Step 2: Revoke the Permission

Once you have the permission ID, you can delete the permission using the following API call.

API Request to Revoke Permission

DELETE https://graph.microsoft.com/v1.0/sites/{site-id}/permissions/{permission-id}
Authorization: Bearer {access-token}
 

Response

You should receive an HTTP 204 No Content status if the permission is successfully revoked.

 

 

Site 1

 

Site Name : PDES POC

Site URL: https://qnsq.sharepoint.com/sites/PDESPOC/

Site ID: a8208f55-ac5f-4315-bb36-b9af59381474

 

 

 

Site2

 

Site Name: OHS Deloitte

Site URL: https://qnsq.sharepoint.com/sites/OHSDeloitte/_api/site/id

Site ID: 3ef0a397-c19d-4bb4-83b8-76cdd8c49b69


Comments

Post a Comment

Popular posts from this blog

SPFX setup & deployment

-
  Setting up SharePoint Framework (SPFx) for SharePoint Online involves several steps. Below is a guide to help you set up SharePoint Framework for SharePoint Online compatibility: Note: please refer below link to get latest update https://learn.microsoft.com/en-us/sharepoint/dev/spfx/set-up-your-development-environment Prerequisites: Node.js and npm: Ensure you have Node.js installed. You can download it from nodejs.org . spfx support version => node-v18.17.1-x64 npm and yomen -> >npm install -g yo gulp >npm install -g @microsoft/generator-sharepoint SPFx generally works with the LTS (Long-Term Support) version of Node.js. Yeoman and Gulp: Install Yeoman and Gulp globally using npm. bash Copy code npm install -g yo gulp SharePoint Online Tenant Configuration: Developer Site: Create a developer site collection in your SharePoint Online tenant. This site collection is used for testing your SPFx web parts. App Catalog: Create an App Catalog site collection in your SharePo...
Read more

Connect to Azure AD-secured APIs in SPFx

-
Image
  Connect to Azure AD-secured APIs in SharePoint Framework solutions When building SharePoint Framework solutions, you might need to connect to an API secured by using Azure Active Directory (Azure AD). SharePoint Framework allows you to specify which Azure AD applications and permissions your solution requires, and a global or SharePoint administrator can grant the necessary permissions if they haven't yet been granted. By using the  AadHttpClient , you can easily connect to APIs secured by using Azure AD without having to implement the OAuth flow yourself. Web API permissions overview Azure AD secures a number of resources, from Microsoft 365 to custom line-of-business applications built by the organization. To connect to these resources, applications must obtain a valid access token that grants them access to a particular resource . Applications can obtain an access token as part of the  OAuth authorization flow . Client-side applications that are incapable of storing ...
Read more