Getting more granular permissions with Graph API and SPO sites
Do we have any plans to allow Azure AD-registered apps accessing Microsoft Graph APIs (such as SharePoint Online) to have more granular permissions? Can we get SharePoint Online (SPO) to enforce more granular authorization rules based on the app identity and some manifest rules to restrict the site collection, for example, instead of Sites.Read.All? I am looking for something like this: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs, but for Azure AD apps (where we can specify really granular permissions).
This question is around the ability to customize Microsoft Graph APIs such as SharePoint Online APIs to restrict the site collections that can be accessed by an application.
Ganesh Lathi commented
This is much needed functionality. MS Graph would not be useful without that.
MS Graph for the win!
Raj Uchhana commented
Much needed functionality.
Karina Allum commented
I can't see how we can switch to Graph if it means losing existing functionality we depend on in CSOM.
This is a no-brainer. Should absolutely have this.
Harish K Beeram commented
To the Microsoft Azure team: if the suggested guidance from Microsoft is to use the MS Graph API but it does not support granular permissions, it would be essential for Microsoft to provide its clients using CSOM an alternative approach and provide granular permissions like SharePoint CSOM allows.
Bithell, Tyler commented
This would be very useful.