366 votes49 comments · Microsoft Graph Feature Requests » Identity and Access · Flag idea as inappropriate… · Admin →
Work has started. We plan to build an experience where end users and administrators can pick a specific resource to grant consent to, such as a specific group or site. This will be programmable through Microsoft Graph API.
An error occurred while saving the commentAaron Cutlip commented
+1 Adding some additional context/scenarios from the perspective of an ISV that has a product that needs to connect to a SharePoint Online site collection. With the Classic SharePoint Add-in model (see: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs) it is possible to grant App Only permissions to the site collection. There currently is no parity for this if using Microsoft Graph/App Registrations. As an ISV, clients typically say "No way!!, I am not granting your app access to ALL SITE COLLECTIONS", so we fall back to using the classic SharePoint API until we have this available within Microsoft Graph.
NOTE: The following UserVoice entry is along these same lines: https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/34678792-manage-permissions-at-ressource-level-for-sharepoiAaron Cutlip supported this idea ·