Fine grained permissions applied to SharePoint Online App-Auth
We have written an application that accesses SharePoint CSOM APIs to do the following:
Get SharePoint users and groups in a site collection.
Get sites in a site collection
Get lists in a site collection
Get role assignments/definitions
Get list items in a site collection.
Get changes since a given time in a site collection.
When we access SharePoint Online using app-auth (OAuth or Azure private key), we are forced to give Full admin access to the app in order to do these things.
But when we use a normal service account (username/password) we have access to the fine-grained permissions as you would expect. We do this by creating a custom SharePoint permission level and giving it:
View Items - View items in lists and documents in document libraries.
Open Items - View the source of documents with server-side file handlers.
View Versions - View past versions of a list item or document.
View Application Pages - View forms, views, and application pages. Enumerate lists. Site Permissions
View Web Analytics Data - View reports on Web site usage.
Browse Directories - Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.
View Pages - View pages in a Web site.
Enumerate Permissions - Enumerate permissions on the Web site, list, folder, document, or list item.
Browse User Information - View information about users of the Web site.
Use Remote Interfaces - Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.
Open - Allows users to open a Web site, list, or folder in order to access items inside that container.
Is Microsoft ever going to fix this so that app-auth can be given fine-grained permissions?
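
For reference, the custom permission level listed in the question can be created through CSOM as shown here. This is an added example, not the poster's code: the class name, method name and description string are hypothetical, and `ctx` is assumed to be an already-authenticated ClientContext for the root web of the site collection.

```csharp
using System;
using Microsoft.SharePoint.Client;

public static class ReadOnlyCrawlLevel   // hypothetical helper name
{
    // The eleven rights listed in the question, as CSOM PermissionKind members.
    static readonly PermissionKind[] Granted =
    {
        PermissionKind.ViewListItems,        // View Items
        PermissionKind.OpenItems,            // Open Items
        PermissionKind.ViewVersions,         // View Versions
        PermissionKind.ViewFormPages,        // View Application Pages
        PermissionKind.ViewUsageData,        // View Web Analytics Data
        PermissionKind.BrowseDirectories,    // Browse Directories
        PermissionKind.ViewPages,            // View Pages
        PermissionKind.EnumeratePermissions, // Enumerate Permissions
        PermissionKind.BrowseUserInfo,       // Browse User Information
        PermissionKind.UseRemoteAPIs,        // Use Remote Interfaces
        PermissionKind.Open                  // Open
    };

    // Write and management rights that a read-only level must never carry.
    static readonly PermissionKind[] Forbidden =
    {
        PermissionKind.AddListItems, PermissionKind.EditListItems,
        PermissionKind.DeleteListItems, PermissionKind.ManageLists,
        PermissionKind.ManagePermissions, PermissionKind.ManageWeb
    };

    // ctx: authenticated context for the root web (assumption, see lead-in).
    public static void Create(ClientContext ctx, string levelName)
    {
        var perms = new BasePermissions();
        foreach (var kind in Granted) perms.Set(kind);

        // Guard against a later edit to Granted slipping in a write right.
        foreach (var kind in Forbidden)
            if (perms.Has(kind))
                throw new InvalidOperationException("Write right in read-only level: " + kind);

        ctx.Web.RoleDefinitions.Add(new RoleDefinitionCreationInformation
        {
            Name = levelName,
            Description = "Read-only enumeration rights for the service account",
            BasePermissions = perms
        });
        ctx.ExecuteQuery();   // sends the request; throws on failure
    }
}
```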