'Azure scheduled Function - alternative to "Password Grant" to limit SharePoint permissions
Scenario: we have a scheduled Azure Function that needs to access files on SharePoint.
The simple way is to create an App Registration and set in "API Permissions" the authorizations for SharePoint (AllSites.Read/AllSites.Write) without Delegate.
The drawback of this method is that the App Registration gives access to the entire SharePoint Tenant. But we want use it to give permission only to a specific site.
To accomplish this requirement we created the App Registration with Delegated Permission. Then we created a "service" user account (with only access to a specific SharePoint Site). So, inside the Azure Function, we use the "Password Grant" type with the credentials of the service user.
Is there a better way to accomplish this requirement (not full SharePoint access)? I don't want to use the old "SharePoint App-Only" method to create a Service Principal.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|