With the addition of Sites.Selected permissions, it's vital to be able to use app integrations that don't have full access to SharePoint Online.
This creates an issue because the query for the SiteId requires more permissions than a company would be comfortable providing. As an example, this error comes up if you are granting least privilege (the request shown is the Microsoft Graph lookup of the site ID, and it is rejected with 403 Forbidden):
"url": "https://graph.microsoft.com/v1.0/sites/contoso.sharepoint.com:/?$select=id",
"method": "get",
"headers": {
"common": {
"Accept": "application/json, text/plain, */*"
},
"delete": {},
"get": {},
"head": {},
"post": {
"Content-Type": "application/x-www-form-urlencoded"
},
"put": {
"Content-Type": "application/x-www-form-urlencoded"
},
"patch": {
"Content-Type": "application/x-www-form-urlencoded"
},
"user-agent": "NONISV|SharePointPnP|CLIMicrosoft365/3.12.0",
"accept-encoding": "gzip, deflate",
"accept": "application/json;odata.metadata=none",
"responseType": "json",
"decompress": true
}
Request error:
{
"status": 403,
"statusText": "Forbidden",
"headers": {
"connection": "close",
"date": "Thu, 26 Aug 2021 01:41:44 GMT",
"content-type": "application/json",
"cache-control": "no-cache",
"transfer-encoding": "chunked",
"vary": "Accept-Encoding",
"strict-transport-security": "max-age=31536000",
"request-id": "d11b9c8e-08b1-457e-8f0d-8e2d688c756d",
"client-request-id": "d11b9c8e-08b1-457e-8f0d-8e2d688c756d",
"x-ms-ags-diagnostic": "{"ServerInfo":{"DataCenter":"North Central US","Slice":"E","Ring":"5","ScaleUnit":"000","RoleInstance":"CH01EPF000076C8"}}"
},
"error": {
"error": {
"code": "accessDenied",
"message": "Access denied",
"innerError": {
"date": "2021-08-26T01:41:45",
"request-id": "d11b9c8e-08b1-457e-8f0d-8e2d688c756d",
"client-request-id": "d11b9c8e-08b1-457e-8f0d-8e2d688c756d"
}
}
}
}
Error: Access denied
With the addition of Sites.Selected permissions, it's vital to be able to use app integrations that don't have full access to SharePoint Online.
This creates an issue because the query for the SiteId requires more permissions than a company would be comfortable providing. As an example, this error comes up if you are granting least privilege (the request shown is the Microsoft Graph lookup of the site ID, and it is rejected with 403 Forbidden):
"url": "https://graph.microsoft.com/v1.0/sites/contoso.sharepoint.com:/?$select=id",
"method": "get",
"headers": {
"common": {
"Accept": "application/json, text/plain, */*"
},
"delete": {},
"get": {},
"head": {},
"post": {
"Content-Type": "application/x-www-form-urlencoded"
},
"put": {
"Content-Type": "application/x-www-form-urlencoded"
},
"patch": {
"Content-Type": "application/x-www-form-urlencoded"
},
"user-agent": "NONISV|SharePointPnP|CLIMicrosoft365/3.12.0",
"accept-encoding": "gzip, deflate",
"accept": "application/json;odata.metadata=none",
"responseType": "json",
"decompress": true
}
Request error:
{
"status": 403,
"statusText": "Forbidden",
"headers": {
"connection": "close",
"date": "Thu, 26 Aug 2021 01:41:44 GMT",
"content-type": "application/json",
"cache-control": "no-cache",
"transfer-encoding": "chunked",
"vary": "Accept-Encoding",
"strict-transport-security": "max-age=31536000",
"request-id": "d11b9c8e-08b1-457e-8f0d-8e2d688c756d",
"client-request-id": "d11b9c8e-08b1-457e-8f0d-8e2d688c756d",
"x-ms-ags-diagnostic": "{"ServerInfo":{"DataCenter":"North Central US","Slice":"E","Ring":"5","ScaleUnit":"000","RoleInstance":"CH01EPF000076C8"}}"
},
"error": {
"error": {
"code": "accessDenied",
"message": "Access denied",
"innerError": {
"date": "2021-08-26T01:41:45",
"request-id": "d11b9c8e-08b1-457e-8f0d-8e2d688c756d",
"client-request-id": "d11b9c8e-08b1-457e-8f0d-8e2d688c756d"
}
}
}
}
Error: Access denied