Can we assign sharePoint API permission site wise?

%3CLINGO-SUB%20id%3D%22lingo-sub-1581502%22%20slang%3D%22en-US%22%3ECan%20we%20assign%20sharePoint%20API%20permission%20site%20wise%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1581502%22%20slang%3D%22en-US%22%3E%3CP%3EI%20want%20to%20assign%20an%20application%20below%20sharepoint%20api%20permissions%20to%20specific%20sharepoint%20site%20.%20Is%20it%20possible%3F%20want%20to%20avoid%20giving%20permissions%20to%20all%20sharepoint%20sites.%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3E%3CDIV%20class%3D%22azc-grid-hierarchical-cell-flexcontainer%22%3E%3CDIV%20class%3D%22azc-grid-cellContent%22%3E%3CDIV%20class%3D%22azc-vivaControl%22%3E%3CDIV%20class%3D%22ext-ad-registeredApps-apiperm-perm-row-title%22%3E%3CSPAN%3ESites.Read.All%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FTD%3E%3CTD%3E%3CDIV%20class%3D%22azc-grid-hierarchical-cell-flexcontainer%22%3E%3CDIV%20class%3D%22azc-grid-cellContent%22%3EApplication%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FTD%3E%3CTD%3E%3CDIV%20class%3D%22azc-grid-hierarchical-cell-flexcontainer%22%3E%3CDIV%20class%3D%22azc-grid-cellContent%22%3ERead%20items%20in%20all%20site%20collections%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3E%3CDIV%20class%3D%22azc-grid-hierarchical-cell-flexcontainer%22%3E%3CDIV%20class%3D%22azc-grid-cellContent%22%3E%3CDIV%20class%3D%22azc-vivaControl%22%3E%3CDIV%20class%3D%22ext-ad-registeredApps-apiperm-perm-row-title%22%3E%3CSPAN%3EUser.Read.All%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FTD%3E%3CTD%3E%3CDIV%20class%3D%22azc-grid-hierarchical-cell-flexcontainer%22%3E%3CDIV%20class%3D%22azc-grid-cellContent%22%3EApplication%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FTD%3E%3CTD%3E%3CDIV%20class%3D%22azc-grid-hierarchical-cell-flexcontainer%22%3E%3CDIV%20class%3D%22azc-grid-cellContent%22%3ERead%20user%20profiles%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1581502%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1582136%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20we%20assign%20sharePoint%20API%20permission%20site%20wise%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1582136%22%20slang%3D%22en-US%22%3E%3CP%3ENope.%20Exchange%20is%20currently%20the%20only%20workload%20that%20supports%20scoping%20down%20permissions%2C%20for%20all%20others%20it's%20%22all%20or%20nothing%22.%20You%20can%20however%20use%20the%20delegate%20permissions%20model%2C%20where%20the%20application%20runs%20in%20the%20context%20of%20a%20user%2C%20in%20which%20case%20it%20gets%20access%20only%20to%20the%20resources%20the%20user%20can%20access%2Fmanage.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1582389%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20we%20assign%20sharePoint%20API%20permission%20site%20wise%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1582389%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20clarification%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I want to assign an application below sharepoint api permissions to specific sharepoint site . Is it possible? want to avoid giving permissions to all sharepoint sites.

Sites.Read.All
Application
Read items in all site collections
User.Read.All
Application
Read user profiles

 

2 Replies

Nope. Exchange is currently the only workload that supports scoping down permissions, for all others it's "all or nothing". You can however use the delegate permissions model, where the application runs in the context of a user, in which case it gets access only to the resources the user can access/manage.

Thanks for clarification @Vasil Michev  :)