Understanding Sites.Selected permissions in SharePoint Online
Вставка
- Опубліковано 5 жов 2024
- In this 10-minute developer-focused demo, Paolo Pialorsi explains Sites.Selected permissions in SharePoint Online. The new Sites.Selected permission in AAD negates the need for ACS. Sites.Selected is an application permission for Microsoft Graph and/or SPO and allows Admins to grant Read or Write permission to the selected/targeted sites. Manage sites using Graph or CSOM/REST. PnP PowerShell can be used to Grant, Get, Revoke and Set AAD app permissions in Azure. Perfect for running an application in the background. This PnP Community demo is taken from the Microsoft 365 & Power Platform Development Community call recorded on June 9, 2022.
Demo Presenter
• Paolo Pialorsi (PiaSys.com) | @PaoloPia
Supporting materials
• Video - Sites.Selected Application permission for Graph and SharePoint APIs | • Episode #200 - Sites.S...
• Documentation - Sites permissions - Application permissions | docs.microsoft...
• Article - Controlling app access on a specific SharePoint site collections is now available in Microsoft Graph | devblogs.micro...
Learn more
• Microsoft 365 Unified Sample gallery - aka.ms/m365/sa...
• Microsoft 365 Platform Community in UA-cam - aka.ms/m365/vi...
• Microsoft 365 Platform Community - aka.ms/m365/com... - Наука та технологія
Microsoft: "Why build an Azure dialog that allows the user to proceed to the next most obvious step in a permissions workflow, when ALL THAT can be replaced with a SIMPLE series of PowerShell commands, their respective dependencies and modules, some API calls, some cryptic error messages to debug, some piecemeal, circular documentation, and 10 to 90 minutes of training videos laden with dry PowerPoint slides?"
Thank you Paolo 🙂 I was just looking for a way to connect to SharePoint from Azure Runbook and I will directly try to use this new permission!
Thanks Microsoft. But the search query is not working with Sites.selected. For the search we need Files.Read.All at least. For a multi tenant application Files.Read.All or Sites.Read.All permissions are sensitive to grant from customer stand point. Is there anyway we can achieve search with Sites.Selected?
Saved my butt. Thanks!
Where can I get a copy of this powershell? I would love to get step by step instructions to do this, I am using Mac installed Powershell but could not execute these commands. Stuck without that
Hi Paolo. Great article. But, how do you configure permission for the Azure AD registered app on the SharePoint Site level?
in the same video at 8:57 with the command Grant-PnPAzureADAppSitePermission.
you can do it separately in a PowerShell, no need to add it to the script
@@LaszloDohosbut for that you need Sites.FullControl.All for Graph anyway right? so it is kind of circular reference in terms of security footprint.
Thanks. Once the access is given for a specific site, can the app access word/excel documents created on that side in the documents section?
looks like manage and full control are not available. only read/write. How can we set manage permissions
Exactly what does the Write role give you as it relates to the site, lists and drives/document libraries? Is it the same as "Contributor" or more/less?
Can permissions only be set at the Site level, rather than at a folder level?
Woo one step at the time. Now it's permission for site only! 😜
search not working
Thanks Microsoft. But the search query is not working with Sites.selected. For the search we need Files.Read.All at least. For a multi tenant application Files.Read.All or Sites.Read.All permissions are sensitive to grant from customer stand point. Is there anyway we can achieve search with Sites.Selected?