SharePoint
The Datafisher
In some cases fetching and/or updating documents from SharePoint could be needed.
Prerequisites (provided by Datafisher):
- The SharePoint URL to grant access to
Results (to be provided to Datafisher):
- (none)
In this section
- Initial setup – prerequisites
- Granting permissions – grant the permissions to the relevant SharePoint site
Initial setup
First, you need to set up an enterprise application which is likely already done for setting up
Next, the permissions need to be assigned like explained in the user data import setup instructions, except that instead of the User.Read.All you need to assign either
- the
Sites.Selectedpermission that grants access to only a specific set of sites, - the
Sites.ReadWrite.Allpermission that grants access the whole SharePoint (not recommended).
In case of the second option, nothing else needs to be done.
Granting permissions
In case of assigning the Sites.Selected permission, the actual permissions to the SharePoint site now need to be granted.
Unfortunately, there is no graphical user interface for this.
The easiest is to use the CLI for Microsoft 365 or PowerShell.
Using the CLI for Microsoft 365
First, you need to install the CLI if you haven't yet. It based on JavaScript, so you need to have Node.js and a package manager like pnpm, npm (installed with Node.js), or yarn installed.
Additionally, under Windows it could be convenient to use WSL.
In order to install the CLI, run the relevant command for your package manager:
pnpm i -g @pnp/cli-microsoft365
npm i -g @pnp/cli-microsoft365
yarn global add @pnp/cli-microsoft365
For example:
$ pnpm i -g @pnp/cli-microsoft365

Downloading registry.npmjs.org/typescript/4.9.5: 11.6 MB/11.6 MB, done
Packages: +231
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Progress: resolved 279, reused 73, downloaded 206, added 231, done
.pnpm/swiper@8.4.7/node_modules/swiper: Running postinstall script, done in 56ms
/home/user/.local/share/pnpm/global/5:
+ @pnp/cli-microsoft365 6.10.0
Done in 9.4s
Next, you need to authenticate yourself to grant the CLI the relevant permissions:
m365 login
which gives you a code:
$ m365 login

"To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CA5FMKCXR to authenticate."
Go to https://microsoft.com/devicelogin and enter the code that was displayed, select the relevant user, and grant the permissions.
The CLI will then display a successful result:
{
connectedAs: 'user@example.com',
authType: 'DeviceCode',
appId: '31359c7f-bd7e-475c-86db-fdb8c937548e',
appTenant: 'common',
cloudType: 'Public'
}
Finally, you can grant the permissions by running:
m365 spo site apppermission add --appId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --permission fullcontrol --siteUrl "https://company.sharepoint.com/sites/site"
where xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is the application ID found on the application registration overview page and https://company.sharepoint.com/sites/site is the SharePoint site URL.
This will output:
$ m365 spo site apppermission add --appId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --permission fullcontrol --siteUrl "https://company.sharepoint.com/sites/site"
{
"id": "aTowaS90fG3zLnNwLmV4dHxlN3NmZTBhNC3lZDM3LTQ9ODktOTA9Ni0yYmQzNGFkMGMzYjZAOGY9NWZhY3ItOWMzMi00ZGViLWE4MGMtZGM9MzIzNzg3OTMx",
"roles": [
"fullcontrol"
],
"grantedToIdentitiesV2": [
{
"application": {
"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
}
],
"grantedToIdentities": [
{
"application": {
"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
}
]
}
Using PowerShell
Alternatively, PowerShell could be used.
First, you need to install the PnP PowerShell module by running:
Install-Module PnP.PowerShell -Scope CurrentUser
Next, grant the actual permissions:
Connect-PnPOnline -Url "https://company.sharepoint.com/sites/site" -Interactive
$permission = Grant-PnPAzureADAppSitePermission -AppId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -DisplayName "Datafisher LMS" -Permissions Write
Set-PnPAzureADAppSitePermission -PermissionId $permission.Id -Permissions FullControl
where xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is the application ID found on the application registration overview page and https://company.sharepoint.com/sites/site is the SharePoint site URL.