SharePoint / sp-dev-docs

SharePoint & Viva Connections Developer Documentation
https://docs.microsoft.com/en-us/sharepoint/dev/
Creative Commons Attribution 4.0 International

SharePoint Rest Api v1/v2 subsites not included with Sites.Selected role #9632

Open MichaelInkster opened 7 months ago

MichaelInkster commented 7 months ago

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

SharePoint REST API

Developer environment

Windows

What browser(s) / client(s) have you tested

Additional environment details

Developing with C#, sending HttpClient requests using .NET Framework

Describe the bug / error

I have an application in Azure/Entra; it has been granted Sites.Selected (delegated) permissions. The application has been added to the specified SharePoint Site Collection as full control using the /permissions endpoint (via the PowerShell command Grant-PnPAzureADAppSitePermission). I am an Owner with full control rights on the Site Collection and its sub sites.

Using the Sites.Selected role, I can get a token for both Graph v1 and for SharePoint v1/v2. I can query and return items (Lists, ListItems, etc.) in the Site Collection root web with both Graph v1 and SharePoint v1/v2 using their respective tokens. I can query and return items in the sub sites/webs with Graph v1 using the respective token. I cannot query or return items from the sub sites with SharePoint v1/v2 using the respective token. The lists endpoint returns an empty array. Calling a list by title produces an error saying the list doesn't exist.

These same queries worked with the Sites.Read.All permissions in the SharePoint v1/v2 API.

Steps to reproduce

  1. Create an app in Entra/Azure
  2. Grant delegated permissions for Sites.Selected and User.Read across the tenant in the Azure App.
  3. Apply the desired permission for the Azure app in a SiteCollection that contains sub sites using the /permissions endpoint
  4. Get a token for the Sites.Selected using the SharePoint v1/v2 method.
  5. Using SharePoint v1/v2 API, try to return the lists and list items from any of the sub sites.

Expected behavior

The list / list items should return
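An added diagnostic, not code from the issue or from Microsoft: when reproducing the steps above, decode each access token locally to confirm that it targets the intended resource and carries only Sites.Selected, with no leftover tenant-wide site scope that would hide the difference. The tenant host, sample tokens and helper names are constructed for illustration, and Python is used here although the reporter works in C#.

```python
import base64
import json

# Tenant-wide site scopes that would mask a Sites.Selected problem if still consented.
BROAD_SITE_SCOPES = {
    "Sites.Read.All", "Sites.ReadWrite.All", "Sites.Manage.All", "Sites.FullControl.All",
    "AllSites.Read", "AllSites.Write", "AllSites.Manage", "AllSites.FullControl",
}
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
SHAREPOINT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"

def decode_claims(token: str) -> dict:
    """Return the JWT payload. No signature check: local inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(token: str) -> dict:
    """Summarise which resource a token targets and which site scopes it carries."""
    claims = decode_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud in GRAPH_AUDIENCES:
        resource = "graph"
    elif aud.endswith(".sharepoint.com") or aud.startswith(SHAREPOINT_APP_ID):
        resource = "sharepoint"
    else:
        resource = "other"
    # Delegated permissions arrive space-separated in `scp`; app-only ones as a list in `roles`.
    granted = set(claims.get("scp", "").split()) | set(claims.get("roles", []))
    return {
        "resource": resource,
        "sites_selected": "Sites.Selected" in granted,
        "broad_scopes": sorted(granted & BROAD_SITE_SCOPES),
    }

def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (hypothetical helper for this demo)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed samples; contoso.sharepoint.com is a placeholder tenant host.
GRAPH_TOKEN = make_unsigned_token({"aud": "https://graph.microsoft.com", "scp": "Sites.Selected User.Read"})
SPO_TOKEN = make_unsigned_token({"aud": "https://contoso.sharepoint.com", "scp": "Sites.Selected"})
LEGACY_TOKEN = make_unsigned_token({"aud": "https://contoso.sharepoint.com", "scp": "Sites.Read.All Sites.Selected"})
```

A non-empty `broad_scopes` on the SharePoint token means the test is not exercising Sites.Selected alone.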

antonkhrit commented 2 months ago

Exactly the same issue here.