Fine-grained permissions applied to SharePoint Online App-Auth?


We have written an application that accesses SharePoint CSOM APIs to do the following:

  1. Get SharePoint users and groups in a site collection.
  2. Get sites in a site collection.
  3. Get lists in a site collection.
  4. Get role assignments/definitions.
  5. Get list items in a site collection.
  6. Get changes since a given time in a site collection.

When we access SharePoint Online using app-auth (OAuth or Azure private key), we are forced to give Full admin access to the app in order to do these things.

But when we use a normal service account (username/password) we have access to the fine-grained permissions as you would expect. We do this by creating a custom SharePoint permission level and giving it:

  • View Items - View items in lists and documents in document libraries.
  • Open Items - View the source of documents with server-side file handlers.
  • View Versions - View past versions of a list item or document.
  • View Application Pages - View forms, views, and application pages. Enumerate lists.

Site Permissions

  • View Web Analytics Data - View reports on Web site usage.
  • Browse Directories - Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.
  • View Pages - View pages in a Web site.
  • Enumerate Permissions - Enumerate permissions on the Web site, list, folder, document, or list item.
  • Browse User Information - View information about users of the Web site.
  • Use Remote Interfaces - Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.
  • Open - Allows users to open a Web site, list, or folder in order to access items inside that container.

Is Microsoft ever going to fix this so that app-auth can be given fine-grained permissions?

0 Replies
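
An added example, not part of the original post: a least-privilege check that decodes a role definition's `BasePermissions` High/Low pair and reports any bit beyond the eleven read-only permissions listed in the question. It assumes the role definition is shaped like the objects returned by the REST `roledefinitions` endpoint; the sample role definitions and their names are constructed.

```python
# Added example. Bit values follow the SPBasePermissions flags; comments give
# the display name used in the post. SAMPLES below are constructed data.
READ_ONLY = {
    "ViewListItems": 0x1,                        # View Items
    "OpenItems": 0x20,                           # Open Items
    "ViewVersions": 0x40,                        # View Versions
    "ViewFormPages": 0x1000,                     # View Application Pages
    "Open": 0x10000,                             # Open
    "ViewPages": 0x20000,                        # View Pages
    "ViewUsageData": 0x200000,                   # View Web Analytics Data
    "BrowseDirectories": 0x4000000,              # Browse Directories
    "BrowseUserInfo": 0x8000000,                 # Browse User Information
    "UseRemoteAPIs": 0x2000000000,               # Use Remote Interfaces
    "EnumeratePermissions": 0x4000000000000000,  # Enumerate Permissions
}
# Write/manage flags worth naming explicitly when they show up unexpectedly.
RISKY = {
    "AddListItems": 0x2, "EditListItems": 0x4, "DeleteListItems": 0x8,
    "ManageLists": 0x800, "ManagePermissions": 0x2000000, "ManageWeb": 0x40000000,
}
FULL_MASK = 0x7FFFFFFFFFFFFFFF  # Full Control

def to_mask(high, low):
    """Join the High/Low 32-bit halves (decimal strings) into one 64-bit mask."""
    return (int(high) << 32) | int(low)

def audit(role_def):
    """Compare one role definition against the read-only baseline."""
    bp = role_def["BasePermissions"]
    mask = to_mask(bp["High"], bp["Low"])
    extra = mask & ~sum(READ_ONLY.values())
    found = [name for name, bit in RISKY.items() if extra & bit]
    unnamed = extra & ~sum(RISKY.values())
    if unnamed:
        found.append(hex(unnamed))  # other bits outside the baseline
    return {
        "name": role_def["Name"],
        "full_control": mask == FULL_MASK,
        "missing": [n for n, b in READ_ONLY.items() if not mask & b],
        "extra": found,
    }

SAMPLES = [  # constructed role definitions
    {"Name": "Crawler Read", "BasePermissions": {"High": "1073741856", "Low": "203624545"}},
    {"Name": "Crawler Read (drifted)", "BasePermissions": {"High": "1073741856", "Low": "203624549"}},
    {"Name": "Full Control", "BasePermissions": {"High": "2147483647", "Low": "4294967295"}},
]
if __name__ == "__main__":
    for rd in SAMPLES:
        print(audit(rd))
```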