
Managing SharePoint Site Access for Applications Using Sites.Selected Permission


The Sites.Selected permission allows an app to access only the specific SharePoint sites you explicitly authorize. This wiki page explains how to grant SharePoint write access (required for the SharePoint2 protocol; see SharePoint Integration) to an App Registration configured in the Azure Portal. Using Sites.Selected is a much more secure alternative to granting full access across your entire tenant. See: https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

1. Create an App Registration with permission Sites.FullControl.All


!!! Important: This App Registration is not the working app that will access the SharePoint site. It is a helper/admin app, used only to configure and grant SharePoint write permissions to other apps (the real apps that will use Sites.Selected permission).

Start at the Microsoft Azure portal: https://azure.microsoft.com/en-us/features/azure-portal/

Application registration: Go to App registrations and click New registration:

SharePoint%20Integration/new_registration.png

The Redirect URI (optional) is not required, because this app will have an Application permission only.

Configure API Permissions:

Navigate to API Permissions. Click the Add a permission button. Select Microsoft Graph, then select Application Permission. Search for Sites and check the Sites.FullControl.All box.

CrushTaskExample19/app_permission_sites_full_control.png

Secret key: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the value immediately!

SharePoint%20Integration/new_secret.png

SharePoint%20Integration/secret_value.png
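What the helper app from step 1 is later used for, as an added example that is not part of the original wiki page or of CrushFTP's own job: it requests a token with the helper app's secret and calls the Microsoft Graph site-permissions endpoint to give the Sites.Selected app write access to a single site. The function names and the read/write role guard are assumptions of this example; tenant, site and client IDs are supplied by the caller.

```python
import json
import urllib.parse
import urllib.request
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"
ALLOWED_ROLES = {"read", "write"}  # assumption: this example refuses anything broader

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials token request for the helper app (step 1)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return url, urllib.parse.urlencode(form).encode()

def grant_request(site_id, target_app_id, target_app_name, role="write"):
    """Graph request that grants ONE site to the Sites.Selected app (step 2)."""
    if role not in ALLOWED_ROLES:
        raise ValueError(f"role {role!r} is broader than this example allows")
    uuid.UUID(target_app_id)  # raises ValueError unless it parses as a GUID
    url = f"{GRAPH}/sites/{urllib.parse.quote(site_id, safe=',')}/permissions"
    body = {"roles": [role],
            "grantedToIdentities": [{"application": {
                "id": target_app_id, "displayName": target_app_name}}]}
    return url, json.dumps(body).encode()

def post(url, data, headers):
    """Send a POST and return the decoded JSON response."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def grant_site_access(tenant_id, helper_id, helper_secret, site_id,
                      target_app_id, target_app_name, role="write"):
    """Get a token as the helper app, then grant the target app the site."""
    url, data = token_request(tenant_id, helper_id, helper_secret)
    token = post(url, data, {"Content-Type":
                             "application/x-www-form-urlencoded"})["access_token"]
    url, data = grant_request(site_id, target_app_id, target_app_name, role)
    granted = post(url, data, {"Authorization": f"Bearer {token}",
                               "Content-Type": "application/json"})
    # Confirm Graph recorded exactly the role that was asked for.
    if granted.get("roles") != [role]:
        raise RuntimeError(f"unexpected roles in response: {granted.get('roles')}")
    return granted["id"]
```

Only `grant_site_access` touches the network; the two request builders can be inspected or logged before anything is sent with the Sites.FullControl.All credential.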

2. Create an App Registration to Access SharePoint Site Documents Using the Sites.Selected Permission


Application registration: Go to App registrations and click New registration. Configure a redirect URL such as:
    http://localhost:9090/
or
[CrushTaskExample19/app_permission_sites_full_control.png]

This particular version was published on 29-Apr-2025 11:28 by krivacsz.