How does the Files.SelectedOperations.Selected Application permission scope work for Graph API

Ameya Nayak 20 Reputation points
2025-01-24T14:02:14.9566667+00:00

We created an app on Azure portal with admin consent for the following 3 permission scopes (Application)

  1. Files.SelectedOperations.Selected
  2. User.Read.All
  3. Group.Read.All

Using the Update Permissions API for driveItem, I am able to add the app with write access to a OneDrive file and access the file as well as list the permissions. If I don't do this step, I am unable to access the file via the API, which is how it should work. But when I try to use the credentials of the app to access a file in a SharePoint site which is public or private, I am able to get the permissions for the file and download the file as well, even though I have not updated the file permissions. Is this how the permission scope Files.SelectedOperations.Selected is supposed to work, or is this a bug? I have verified that the JWT token has only the 3 scopes mentioned above.

Microsoft 365 and Office | SharePoint | Development
Microsoft 365 and Office | OneDrive | For business | Windows
Microsoft Security | Microsoft Graph

3 answers

  1. CPO 61 Reputation points
    2026-03-24T09:27:32.8466667+00:00

    PowerShell scripts are required to enable the folders to be read/write. Do you have examples of what is required?

  2. Emily Du-MSFT 51,981 Reputation points Microsoft External Staff
    2025-01-28T09:39:09.7233333+00:00

    Based on your post, it seems that the behavior you're experiencing is not expected. The Files.SelectedOperations.Selected scope should require explicit permission assignments to access files. If you are able to access files in a SharePoint site without updating the file permissions, it could indicate a potential issue.

    Please check whether the app is running under an admin context or under a user’s delegated context.


  3. Vasil Michev 125.6K Reputation points MVP Volunteer Moderator
    2025-01-24T16:45:06.9466667+00:00

    No, that's not the expected behavior. Files to which your application has not explicitly been granted access should result in an error when you're only using the Files.SelectedOperations.Selected scope. In your scenario I would suggest checking the permissions on any "parent" entry, including folders, lists and sites. Make sure that none of them has an explicit permission entry for the app.

    As a quick test, you can register a new application and try to access any of the same files via it.
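
The parent-permission check suggested in the answer above, sketched as an added example that is not part of the original thread or Microsoft's code. It assumes the permission listings for the site, list, folder and file have already been fetched from Microsoft Graph; the app IDs, names and sample permission objects below are constructed placeholders.

```python
# Constructed sample data shaped like Microsoft Graph permission objects, as
# returned when listing permissions on a site, a list, a folder and a file.
APP_ID = "00000000-0000-0000-0000-0000000000aa"      # placeholder client ID
OTHER_APP = "00000000-0000-0000-0000-0000000000bb"   # placeholder, unrelated app

SAMPLE_CHAIN = [
    ("site", "Contoso Projects", [
        {"id": "p1", "roles": ["read"],
         "grantedToIdentitiesV2": [{"application": {"id": APP_ID, "displayName": "demo-app"}}]},
    ]),
    ("list", "Documents", [
        {"id": "p2", "roles": ["write"],
         "grantedToV2": {"application": {"id": OTHER_APP, "displayName": "other-app"}}},
    ]),
    ("folder", "Reports", [
        {"id": "p3", "roles": ["owner"], "grantedToV2": {"user": {"id": "u1", "displayName": "A User"}}},
    ]),
    ("file", "q1.xlsx", []),
]


def app_ids(permission):
    """Yield every application id named as a grantee on one permission object."""
    for key in ("grantedToV2", "grantedTo"):          # single-grantee fields
        app = (permission.get(key) or {}).get("application")
        if app and app.get("id"):
            yield app["id"]
    for key in ("grantedToIdentitiesV2", "grantedToIdentities"):  # multi-grantee fields
        for identity in permission.get(key) or []:
            app = (identity or {}).get("application")
            if app and app.get("id"):
                yield app["id"]


def explicit_grants(chain, app_id):
    """Return (level, name, permission id, roles) for each entry naming app_id."""
    wanted = app_id.lower()                           # GUID comparison ignores case
    hits = []
    for level, name, permissions in chain:
        for perm in permissions:
            if any(a.lower() == wanted for a in app_ids(perm)):
                hits.append((level, name, perm["id"], tuple(perm.get("roles", []))))
    return hits


if __name__ == "__main__":
    for hit in explicit_grants(SAMPLE_CHAIN, APP_ID):
        print("explicit grant:", hit)
```

Any hit at a level above the file is an explicit entry for the app on a parent and a candidate explanation for access that was never granted on the file itself.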

