问题
I have an external program that I have scheduled to run once a day (i.e. no user interaction). This program should upload a file to a SharePoint Online site, using Microsoft Graph API. I'm able to enable this in Azure Active Directory by registering an app, and giving this app the application permission File.ReadWrite.All, then sending a PUT request to
https://graph.microsoft.com/v1.0/drives/{drive-id}/items/{parent-id}:/{filename}:/content
However, by granting File.ReadWrite.All, the program will have access to all files in all site collections for my organization. I want to limit access to a specific site, or perhaps just a specific folder within that site. How can this be achieved? (without the need for a user to interactively sign in when the program is run)
回答1:
It is not currently possible to restrict app-only access to a specific SharePoint site, through Microsoft Graph.
来源:https://stackoverflow.com/questions/56073788/controlling-an-applications-api-access-to-a-sharepoint-site