I'm dealing with a tricky situation after our company downsized, and now I'm trying to connect our ETL tool (Clover) to a SharePoint list that's hosted on a Microsoft Teams site. The admin team is a bit lost on how to grant the necessary permissions. I managed to obtain an API token, but I'm facing access denied errors when attempting to connect to the list endpoint. Currently, there's a thought that adding a redirect URL to the app registration might resolve this issue, but I wonder if adding the Teams site as a scope to the app registration in Entra would make it easier. It's also complicating things that one team is working on the app registration while another is focused on permissions, so I'm savvy enough to know I might end up caught in the middle of this debate.
3 Answers
Honestly, I’m fed up with managing data through OneDrive, Teams, or SharePoint. The integrations might be okay, but working with Graph or the SharePoint API is just a continuous headache. I’d say it likely needs SharePoint API access instead of Graph, but who knows at this point.
Is the service principal or app registration actually part of the SharePoint/Teams site? That could be the root of your access issue.
It’s worth noting that regardless of it being a Teams site, it ultimately operates as a SharePoint site. You should look into two Graph API permissions: `Sites.FullControl.All`, which gives access to all sites, and `Sites.Selected`, which permits access to specific sites. With `Sites.Selected`, make sure you have the Site ID for the sites you want to access. Just send a POST request to the Graph API with the necessary application and site details. Check out this link for more insights: https://www.darwindroll.com/blog/use-sitesselected-application-permission-in-microsoft-graph
Absolutely! Once you get those permissions set, the rest can be managed in SharePoint, like access permissions for sites and lists. It's a bit of a mess, but it works.
Right, and we're set on `Sites.Selected`, but I don't think they’ve properly added any specific sites yet. That's why I was mentioning adding that scope to the app registration. Given that it’s a hospital, we might not cover every site, and the organization around that is lacking. If you have more resources on adding sites under `Sites.Selected`, I'd love to see them!
That could very well be it! If you’ve got any guidance on this, I’d appreciate it. I can do some searching, but if there are specific terms or materials, I’d love to know.