Graph Lists and Sites Permission endpoint

Brass Contributor

I just found this article in the microsoft docs:


"Create a new permission object on a site."


But what does this mean? I tried the endpoint but it seems not to be possible to give people permissions in SharePoint Online through this endpoint. What is this supposed to do exactly:




Content-Type: application/json

  "roles": ["write"],
  "grantedToIdentities": [{
    "application": {
      "id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
      "displayName": "Contoso Time Manager App"




How can "apps" have permissions in SharePoint? I always thought only SharePoint groups/users or Azure AD groups or users can have permissions in SharePoint. What does it mean if an "app" gets permission?


And why is this only allowed on site level? Can't I give an app also permission to just a library or list item. Where is my misunderstanding here?


And is it possible at all to give certain users SharePoint permissions for a single library through the Graph API? 

0 Replies