Aug 25 2022 08:05 AM
Hi!
I am using CSOM to change SharePoint Online files and reset the last modified date of their items.
It works, when I log in to SharePoint with user name and password.
When I create an app registration and use MSAL to get a token through interactive login, the reset of the last modified date will not work.
The code is the same. It is just the token, that makes the difference.
The app registrations API permissions are set to AllSites.Manage, so it should have enough rights to change meta data.
Any suggestions what I could change?
Cheers
Alex
Aug 26 2022 03:22 AM
@Alexander72 Can you try using AllSites.FullControl permissions & see if it works for this scenario?
-
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.
Aug 26 2022 04:50 AM
Aug 26 2022 05:26 AM - edited Aug 26 2022 05:30 AM
Based on your questions, you are getting a token through interactive login that means you are using Delegated permissions, so even if you have given AllSites.FullControl, your code will always work with permission of user which you are using interactive login.
And still it's also possible to provide access to specific sites using Azure AD App Registration. If security is the concern then you can provide AllSites.FullControl rights for particular site collections only.
Reference Blog: https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-co...
Hope it will helpful to you and if so then Please mark my response as Best Response & Like to help others in this community
Aug 26 2022 05:35 AM
Aug 26 2022 06:12 AM - edited Aug 26 2022 06:14 AM
What I am trying to say is if you are using Delegated Permissions (as mentioned in below screen shot), even if you provide higher permission in App Registration, only operation which current user have permissions (user which you have used in interactive login) are allowed.
E.g. In your App Registration, you have given AllSites.FullControl rights and let say we have two user i.e. User A and User B where User A does have only read rights in one site collection and User B does have contribute rights in same site collection.
Now if you login with User A in your CSOM console with interactive user, and you are trying to update anything in the site, Code will give unauthorized access (even if in your app you have given AllSites.FullControl permission) because current user don't enough rights in site collection.
I hope that now it will be more clear.
Hope it will helpful to you and if so then Please mark my response as Best Response & Like to help others in this community
Aug 26 2022 06:22 AM