Documentation Grant Permissions to HelpDesk app

Grant Permissions to HelpDesk app

If you prefer not to grant Full Control access or if your organization’s policy does not allow that, you can manually grant Azure AD app permissions for your HelpDesk site using PowerShell or Graph API. These methods will only provide access to the specific SharePoint site where HelpDesk is installed. Plumsail HelpDesk will not have access to anything in your SharePoint tenant beyond this site. For more details on the permissions granted, please refer to this article.

Grant Permissions using PowerShell

  1. Launch PowerShell on your desktop.

Hint

If you don’t have PowerShell installed, you can download it here. Make sure to install the PnP PowerShell module to be able to work with SharePoint.

2. Enter the following line of code to allow PowerShell to communicate with SharePoint:

Import-Module PnP.PowerShell

3. Connect to your SharePoint Online environment using the command provided below. Ensure you provide the Client ID of your own Entra ID Application Registration with the -ClientId parameter.

Connect-PnPOnline [yourtenant].sharepoint.com -Interactive -ClientId <client id of your Entra ID Application Registration>

4. Use the following command to grant permissions to HelpDesk only on the specific SharePoint site, replacing <SiteURL> with the URL of your HelpDesk site. This command grants access only to the SharePoint site where HelpDesk is installed, as the code explicitly defines the site to grant permissions for.

Grant-PnPAzureADAppSitePermission -AppId c378bac6-4de8-4e60-a61e-0b44d436ba92 -DisplayName "Plumsal HelpDesk" -Site <SiteURL> -Permissions FullControl

Grant Permissions using Graph Explorer

  1. Open Microsoft Graph Explorer.

2. Send the following HTTP request to grant permissions for HelpDesk, replacing <SiteId> with the GUID of your HelpDesk site. This HTTP request grants access only to the SharePoint site where HelpDesk is installed, as the request template explicitly defines the site to grant permissions for.

POST | https://graph.microsoft.com/v1.0/sites/<SiteId>/permissions

Body:
{
   "roles": [
      "fullcontrol"
   ],
   "grantedToIdentities": [
      {
            "application": {
               "id": "c378bac6-4de8-4e60-a61e-0b44d436ba92",
               "displayName": "Plumsal HelpDesk"
            }
      }
   ]
}

Hint

You can get the site GUID for the created site using the following link: https://YourTenant.sharepoint.com/sites/YourSite/_api/site/id

3. Check if the permissions were successfully assigned using:

GET https://graph.microsoft.com/v1.0/sites/<SiteId>/permissions