[QUESTION] - API Access Permissions

[robertcaretta]

Submit your question

What is the context of your question

• Installation
• Learning Pathways Content
• SharePoint Success Content
• Administration
• Custom Content
• Viewer Web Part

What is your question

I recently upgraded the Learning Pathways app to v5.0.0.4. It requested a new Microsoft Graph permission of Files.ReadWrite.All. I had to make myself a tenant Global admin to approve of this permission. I need to understand all the dependencies here as I may need to get our Information Security team to review.

Q: When approving the API access permissions where exactly is this getting applied to? Is there an app in Azure where this gets added?

Q: Why does this app need Files.ReadWrite.All permissions?

[dcashpeterson]

@robertcaretta thanks for pointing this out. This is something new we changed with V5. We were previously using the SharePoint REST endpoints to allow for admins to add custom images for their playlists and assets. In V5 we changed this to use the Microsoft Graph endpoints and use the method that is more closely aligned with how SharePoint works natively. To that end we needed to add the API access request for V5. That api is only used to upload images so there are no other dependencies.

To answer your questions:

1. This gets applied in the SharePoint Admin Center. This allows SharePoint framework based solutions to access the Graph. There is no app registration where it is applied. It is managed all through the SharePoint Admin Center.
2. M365 Learning Pathways need the permission to allow for custom images to be uploaded for custom playlists and assets.

Hope that helps. I have also updated the documentation.

https://github.com/pnp/custom-learning-office-365/blob/main/installation/README.md#api-permissions