We have assigned the app to the selected SharePoint site by using PnP PowerShell, and now PnP has removed that support. Is there any other way we can assign permission to a particular user to access the selected SharePoint site? We have referred to the link below to assign permission using PowerShell. https://medium.com/@sanghuynh_73086/how-to-access-sharepoint-site-using-microsoft-graph-08d20311c61c#:~:text=2.2.-,1.,Sharepoint%20Site%20(selected%20site)
We are fetching the client's SharePoint documents or files using the Graph API. To do this, we have followed these steps to retrieve documents from SharePoint:
Step 1: Open PowerShell (recommended to use version >= 7.x to run code) locally.
Step 2: If we don't have PnP PowerShell locally, we use the following command to install it:
### Install PnP PowerShell in local PowerShell:
Install-Module PnP.PowerShell -Scope CurrentUser
Install-Module SharePointPnPPowerShellOnline -Scope CurrentUser
Step 3: Connect to the SharePoint Online site:
### Connect Sharepoint Online:
$devAsiaP = "https://mydomain.sharepoint.com/sites/appname"
Connect-PnPOnline -Url $devAsiaP
Step 4: Verify connection:
### Verify connection:
Get-PnPSite
Step 5: Grant permission (Permissions Write) for the selected site.
### Grant permission for selected site:
Grant-PnPAzureADAppSitePermission -AppId "{client_id}" -DisplayName "{app_name}" -Permissions Write -Site https://mydomain.sharepoint.com/sites/appname
Step 6: Granted permission successfully:
After this step, the app has permission to control the selected SharePoint site.
Now, the problem is that PnP doesn't provide a way to assign the permission (below-mentioned steps), and we are looking into an alternative solution.
To assign permission to the SharePoint site, you can also make use of the Microsoft Graph API like below:
Create two Microsoft Entra ID applications: one to assign the site permission, and one more that is the application you want to assign permission to.
In the first application, grant the Sites.FullControl.All application type API permission:
Grant Sites.Selected to the other application:
Now generate the access token using the first application (that is granted the Sites.FullControl.All API permission):
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
grant_type : client_credentials
client_id : ClientIDofFirstApp
client_secret : SecretofFirstApp
scope : https://graph.microsoft.com/.default
Now create the permission:
POST https://graph.microsoft.com/v1.0/sites/{sitesId}/permissions
Content-Type: application/json
{
  "roles": ["write"],
  "grantedToIdentities": [{
    "application": {
      "id": "AppIDwhichyouwanttograntpermission",
      "displayName": "SharePointApp"
    }
  }]
}
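The token request and permission grant described in the answer above, put together as one PowerShell script. This is an added example, not code from the original post or from Microsoft; the environment variable names are assumptions, and the site host and path are the placeholder values from the question. It also resolves the site ID from the site URL and reads the grant back to confirm the role that was applied.

```powershell
$ErrorActionPreference = 'Stop'

# Assumed environment variables (hypothetical names); the secret is never hardcoded.
$TenantId      = $env:TENANT_ID              # tenant GUID or domain
$AdminClientId = $env:ADMIN_APP_CLIENT_ID    # first app: Sites.FullControl.All
$AdminSecret   = $env:ADMIN_APP_SECRET
$TargetAppId   = $env:TARGET_APP_CLIENT_ID   # second app: Sites.Selected
$SiteHost      = 'mydomain.sharepoint.com'   # placeholder from the question
$SitePath      = '/sites/appname'            # placeholder from the question
$Graph         = 'https://graph.microsoft.com/v1.0'

# 1. Client-credentials token for the first (granting) application.
#    A hashtable body is sent as application/x-www-form-urlencoded.
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $AdminClientId
        client_secret = $AdminSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# 2. Resolve the site ID from hostname and server-relative path.
$site = Invoke-RestMethod -Headers $headers -Uri "$Graph/sites/${SiteHost}:$SitePath"

# 3. Grant the second application the "write" role on this one site only.
$body = @{
    roles               = @('write')
    grantedToIdentities = @(
        @{ application = @{ id = $TargetAppId; displayName = 'SharePointApp' } }
    )
} | ConvertTo-Json -Depth 5

$grant = Invoke-RestMethod -Method Post -Headers $headers `
    -Uri "$Graph/sites/$($site.id)/permissions" `
    -ContentType 'application/json' -Body $body

# 4. Read the permission back and show what was actually granted.
$check = Invoke-RestMethod -Headers $headers `
    -Uri "$Graph/sites/$($site.id)/permissions/$($grant.id)"

[pscustomobject]@{
    SiteId       = $site.id
    PermissionId = $check.id
    Roles        = $check.roles -join ','
    GrantedToApp = $check.grantedToIdentities.application.id -join ','
}
```

Because the first application holds Sites.FullControl.All across the tenant, its secret should be kept in a vault and rotated or removed once the per-site grants are in place.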