How can "apps" have permissions in SharePoint? I always thought only SharePoint groups/users or Azure AD groups or users can have permissions in SharePoint. What does it mean if an "app" gets permission?
And why is this only allowed on site level? Can't I give an app also permission to just a library or list item. Where is my misunderstanding here?
And is it possible at all to give certain users SharePoint permissions for a single library through the Graph API?