Differences

This shows you the differences between two versions of the page.

--- 710:cms_sharepoint_online_new [2024/04/17 14:13] – [API Permissions] Policnik, Florian
+++ 710:cms_sharepoint_online_new [2024/04/29 15:07] (current) – [API Permissions] Policnik, Florian
@@ Line 136: / Line 136: @@
 ==== API Permissions ====
-In addition to the Redirect URIs, the application needs [[https://docs.microsoft.com/en-us/graph/permissions-reference|permissions]] for file handling. Up to Stages version XXX we had the option to use delegated [[https://learn.microsoft.com/en-us/graph/permissions-reference#sitesreadwriteall|Sites.ReadWrite.All]] permission. Because of backward compatibility this is the default behavior. With Stages version XXX we added the option to use application and delegated permission [[https://learn.microsoft.com/en-us/graph/permissions-reference#sitesselected|Sites.Selected]]. This is the recommended option.
+In addition to the Redirect URIs, the application needs [[https://docs.microsoft.com/en-us/graph/permissions-reference|permissions]] for file handling. Up to Stages version XXX we had the option to use delegated [[https://learn.microsoft.com/en-us/graph/permissions-reference#sitesreadwriteall|Sites.ReadWrite.All]] permission. Because of backward compatibility this is the default behavior. With Stages version XXX we added the option to use application and delegated permission [[https://learn.microsoft.com/en-us/graph/permissions-reference#sitesselected|Sites.Selected]]. This is the recommended option. There is a in detail explanation in [[https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins-modernize/understanding-rsc-for-msgraph-and-sharepoint-online|Microsoft documentation]].
 === Default option: delegated permission Sites.ReadWrite.All ===
@@ Line 174: / Line 174: @@
 For this option an **admin consent is required**. This can be done by a Global Administrator, an Application Administrator, or a Cloud Application Administrator. More information in [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent|Azure documentation]].
-In addition for the ''Sites.Selected'' permissions an Global Administrator have to select the specific SharePoint sites and give "write" access. This can be done via Microsoft Graph PowerShell SDK.
+In addition for the ''Sites.Selected'' permissions an Global Administrator have to select the specific SharePoint sites and give "write" access. This can be done via PnP PowerShell or Microsoft Graph PowerShell SDK.
+== PnP PowerShell ==
+The PnP PowerShell offers a [[https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html|command]] to grant the permission. [[https://pnp.github.io/powershell/articles/installation.html|PnP PowerShell]] must be installed. The user must be an Azure administrator. In this example we're granting access for Stages app with client ID ''11111111-1111-1111-1111-111111111111'' to SharePoint Online Site ''<nowiki>https://example.sharepoint.com/sites/steering</nowiki>''.
+<code powershell>
+Grant-PnPAzureADAppSitePermission -AppId "11111111-1111-1111-1111-111111111111" -DisplayName "Stages" -Permissions Write -Site "https://example.sharepoint.com/sites/steering"
+</code>
 == Microsoft Graph PowerShell SDK ==
@@ Line 197: / Line 206: @@
         @{application = @{
                 id          = "11111111-1111-1111-1111-111111111111"
-                displayName = "Stages site/steering permission"
+                displayName = "Stages"
             }
         }