710:cms_sharepoint_online_new [2024/04/16 14:11] – [API Permissions] Policnik, Florian | 710:cms_sharepoint_online_new [2024/04/29 15:07] (current) – [API Permissions] Policnik, Florian |
---|
==== API Permissions ==== | ==== API Permissions ==== |
| |
In addition to the Redirect URIs, the application needs [[https://docs.microsoft.com/en-us/graph/permissions-reference|permissions]] for file handling. Up to Stages version XXX we had the option to use delegated [[https://learn.microsoft.com/en-us/graph/permissions-reference#sitesreadwriteall|Sites.ReadWrite.All]] permission. Because of backward compatibility this is the default behavior. With Stages version XXX we added the option to use application and delegated permission [[https://learn.microsoft.com/en-us/graph/permissions-reference#sitesreadwriteall|Sites.Selected]]. This is the recommended option. | In addition to the Redirect URIs, the application needs [[https://docs.microsoft.com/en-us/graph/permissions-reference|permissions]] for file handling. Up to Stages version XXX we had the option to use delegated [[https://learn.microsoft.com/en-us/graph/permissions-reference#sitesreadwriteall|Sites.ReadWrite.All]] permission. Because of backward compatibility this is the default behavior. With Stages version XXX we added the option to use application and delegated permission [[https://learn.microsoft.com/en-us/graph/permissions-reference#sitesselected|Sites.Selected]]. This is the recommended option. There is a in detail explanation in [[https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins-modernize/understanding-rsc-for-msgraph-and-sharepoint-online|Microsoft documentation]]. |
| |
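Review bot: the placeholder "Stages version XXX" is still unresolved in both places where the API Permissions paragraph uses it, so a reader cannot tell which release introduced ''Sites.Selected'' or up to which release only ''Sites.ReadWrite.All'' was available; fill in the real version numbers. The newly added sentence "There is a in detail explanation in ..." should read "A detailed explanation is available in the Microsoft documentation." The paragraph also calls ''Sites.Selected'' the recommended option without giving a reason; one clause on why it is preferred over ''Sites.ReadWrite.All'' would help an administrator decide.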
=== Default option: delegated permission Sites.ReadWrite.All === | === Default option: delegated permission Sites.ReadWrite.All === |
For this option an **admin consent is required**. This can be done by a Global Administrator, an Application Administrator, or a Cloud Application Administrator. More information in [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent|Azure documentation]]. | For this option an **admin consent is required**. This can be done by a Global Administrator, an Application Administrator, or a Cloud Application Administrator. More information in [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent|Azure documentation]]. |
| |
In addition for the ''Sites.Selected'' permissions an Global Administrator have to select the specific SharePoint sites and give "write" access. This can be done via Microsoft Graph PowerShell SDK. | In addition for the ''Sites.Selected'' permissions an Global Administrator have to select the specific SharePoint sites and give "write" access. This can be done via PnP PowerShell or Microsoft Graph PowerShell SDK. |
| |
| |
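Review bot: the paragraph about ''Sites.Selected'' still sits under the heading "Default option: delegated permission Sites.ReadWrite.All", so the recommended option has no heading of its own in the visible lines and its site-selection step reads as if it belonged to the default option. Add a separate heading for the ''Sites.Selected'' option before "In addition for the ''Sites.Selected'' permissions ...". The sentence itself needs a grammar fix while it is being edited: "an Global Administrator have to select" should be "a Global Administrator has to select".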
| == PnP PowerShell == |
| |
| The PnP PowerShell offers a [[https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html|command]] to grant the permission. [[https://pnp.github.io/powershell/articles/installation.html|PnP PowerShell]] must be installed. The user must be an Azure administrator. In this example we're granting access for Stages app with client ID ''11111111-1111-1111-1111-111111111111'' to SharePoint Online Site ''<nowiki>https://example.sharepoint.com/sites/steering</nowiki>''. |
| |
| <code powershell> |
| Grant-PnPAzureADAppSitePermission -AppId "11111111-1111-1111-1111-111111111111" -DisplayName "Stages" -Permissions Write -Site "https://example.sharepoint.com/sites/steering" |
| </code> |
| |
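Review bot: the added sentence "The user must be an Azure administrator" in the PnP PowerShell section names a vaguer role than the paragraph above it, which says a Global Administrator has to select the sites and give "write" access. State the same role in both places so it is clear who is allowed to run ''Grant-PnPAzureADAppSitePermission''. The example also shows only the grant command; a short remark that it is run once per site to be opened to the app would match the "select the specific SharePoint sites" wording.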
== Microsoft Graph PowerShell SDK == | == Microsoft Graph PowerShell SDK == |
| |
The [[https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0|Microsoft Graph PowerShell SDK]] must be installed. In this example we're granting access for Stages app with client ID ''11111111-1111-1111-1111-111111111111'' to SharePoint Online Site ''<nowiki>https://example.sharepoint.com/sites/steering</nowiki>''. | The [[https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0|Microsoft Graph PowerShell SDK]] must be installed. The user must be an Azure administrator. In this example we're granting access for Stages app with client ID ''11111111-1111-1111-1111-111111111111'' to SharePoint Online Site ''<nowiki>https://example.sharepoint.com/sites/steering</nowiki>''. |
| |
Please notice that site ''<nowiki>https://example.sharepoint.com/sites/steering</nowiki>'' have to be separeted into ''example.sharepoint.com'' and ''/sites/steering'' and have to be combined again with '':'' as separator: ''<nowiki>example.sharepoint.com:/sites/steering</nowiki>'' | Please notice that site ''<nowiki>https://example.sharepoint.com/sites/steering</nowiki>'' have to be separeted into ''example.sharepoint.com'' and ''/sites/steering'' and have to be combined again with '':'' as separator: ''<nowiki>example.sharepoint.com:/sites/steering</nowiki>'' |
@{application = @{ | @{application = @{ |
id = "11111111-1111-1111-1111-111111111111" | id = "11111111-1111-1111-1111-111111111111" |
displayName = "Stages site/steering permission" | displayName = "Stages" |
} | } |
} | } |
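Review bot: the paragraph starting "Please notice that site ..." is carried over unchanged in the Microsoft Graph PowerShell SDK section and still contains "separeted" and "have to be"; since this section is being edited anyway, correct it to "has to be separated into ... and has to be combined again". The added "The user must be an Azure administrator" has the same role ambiguity as in the PnP section and should name the role used in the ''Sites.Selected'' paragraph. Changing ''displayName'' to "Stages" makes it consistent with ''-DisplayName "Stages"'' in the PnP example, which is good.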