Basic settings

Suppose you have two SharePoint sites named "permission granted" and "permission denied".

Create two applications in the Microsoft Entra admin center, named AdminApp and App1. AdminApp should have access to everything, while App1 should have access to the "permission granted" site only.

Set Sites.FullControl.All access rights for AdminApp.

Set Sites.Selected access rights for App1.

Granting access for App1 to a specific SharePoint site

  1. Create a new HTTP request to generate an access token for AdminApp:
     a. Set Request method, Request URL, and Request header.
     b. Enter the request body settings.
     c. Send the request. An access token for AdminApp is generated.

  2. Copy the site ID of the SharePoint site named "permission granted".

  3. Create a new HTTP request to grant access for App1 to the "permission granted" SharePoint site:
     a. Set Request method, Request URL, and Request header.
     b. Enter the request body settings.
     c. Enter authorization settings and paste the access token obtained from the previous request.
     d. Send the request. Access for App1 to the "permission granted" SharePoint site is granted.
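
The three steps above as a script. This is an added example, not part of the original page, whose request URLs and bodies are not reproduced in the text. It assumes the Microsoft identity platform client-credentials token endpoint and the Microsoft Graph `POST /sites/{site-id}/permissions` call; the `read` role, the environment variable names and the `token_roles` sanity check are assumptions of this example.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

def token_request(tenant_id, client_id, client_secret):
    """Step 1: client-credentials token request for AdminApp."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=form, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})

def token_roles(access_token):
    """Read the 'roles' claim as a sanity check; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("roles", [])

def grant_request(admin_token, site_id, app_id, app_name, role="read"):
    """Step 3: grant one application one role on one site."""
    app = {"id": app_id, "displayName": app_name}
    body = json.dumps({
        "roles": [role],  # assumption: the page does not name the role
        "grantedToIdentities": [{"application": app}],
    }).encode()
    site = urllib.parse.quote(site_id, safe=",")  # commas are part of the site ID
    url = f"https://graph.microsoft.com/v1.0/sites/{site}/permissions"
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Bearer {admin_token}",
        "Content-Type": "application/json"})

def send(request):
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)

def main(env=os.environ):  # hypothetical variable names
    token = send(token_request(env["TENANT_ID"], env["ADMIN_APP_ID"],
                               env["ADMIN_APP_SECRET"]))["access_token"]
    if "Sites.FullControl.All" not in token_roles(token):
        raise SystemExit("AdminApp token lacks Sites.FullControl.All")
    print(send(grant_request(token, env["SITE_ID"], env["APP1_ID"], "App1")))

if __name__ == "__main__":
    main()
```

Defaulting to `read` keeps the grant at the lowest role; pass `role="write"` only if App1 has to modify content on the site.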