ideally the way you can control app scope is by setting up accesses on the vm and id’s in azure and give app scope for accessing from UiPath..azure team can help you better understand this
this is one such example to control access..similarly at each level app access can be controlled
We had done a quite bit of research in our organization on this topic as due to security restrictions, not all the authentication types work for us.
Please refer below thread where I have shared in what scenarios, which with type should be used.
You should be able to use client/app id and secret by registering your SharePoint site on azure and by providing it the application level permissions.
You will need to check internally with O365 admin team to get that done.
They will most likely do it case by case. In our case, we have to get this done for every SharePoint site we want to access via O365 package as getting application level access exposes the resources to a security threat hence, it needs to be restricted.
API permissions we are using - Sites.Selected for the site we request access for.
This issue was occurring due to access issue, please check for proper access should be having for that account and connect with devops team whether they are allowing to access the sharepoint or not
If the access issue resolved then you wont get this issue.
The Azure App registration (UiPathStudioO35App) does not have the API permission set for the Graph API.
I think our docs are really good about this.
See:
What I recommend is to have your admin setup the API permissions for applicationID and Secret.
If you are using your own App registration or Default UiPath O365 application, make sure that for the first time your Azure admin user logs in and to approve the application access.
Later, the other non admin users can use the automation.
