# Manually Grant SharePoint Site Access

{% hint style="warning" %}
**Prerequisites:** Before proceeding, ensure you have **Site Admin rights** on the target SharePoint site. You can verify this by navigating to `_layouts/15/mngsiteadmin.aspx` on your SharePoint site. Additionally, the SharePoint site permissions must be set to **Full Access** for this step to work.

You can use **PnP PowerShell** or **Microsoft Graph API** to grant the app access to specific SharePoint sites with only **`Read`** permission.

* 🔗 [PnP PowerShell Documentation](https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html)
* 🔗 [Microsoft Graph API Documentation](https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins-modernize/understanding-rsc-for-msgraph-and-sharepoint-online) (shown below)
  {% endhint %}

## 1. Create an Admin App

1. Create Admin App with **`Sites.FullControl.All`** permission. For a step-by-step guide, check the admin app section on[..](https://docs.en.theblockbrain.ai/for-admins/classic-microsoft-integrations/create-a-sharepoint-connection "mention").

## 2. Get access token of Admin App by Postman

1. Use the **`Client Id`**, **`Client Secret Key`**, **`Tenant Id`** of the Admin App to **`POST`** to **`https://login.microsoftonline.com/<tenant_id>/oauth2/token`**

<figure><img src="https://3232460952-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIabFtGTeQzwfWCzp8vd6%2Fuploads%2Fm0ibJx9FdcC9lHyFqTCU%2FScreenshot%202025-09-24%20at%2013.55.49.png?alt=media&#x26;token=319e7ad6-6af9-4572-adbc-866d398dd42c" alt=""><figcaption></figcaption></figure>

## 3. Get the Sharepoint site id

1. Create a **`GET`** request to **`https://graph.microsoft.com/v1.0/sites/`** with the **`access_token`** from the previous step as **`Bearer Token`** auth and save the returned **`id` .**

<figure><img src="https://3232460952-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIabFtGTeQzwfWCzp8vd6%2Fuploads%2FLF6toNu03S2pP3oBVyUR%2FScreenshot%202025-09-24%20at%2013.58.09.png?alt=media&#x26;token=36a9f1da-1907-44de-aa1d-71ce7f2111b4" alt=""><figcaption></figcaption></figure>

## 4. **Assign** SharePoint site **permission to target application**

1. Create a **`POST`** request to **`http://graph.microsoft.com/v1.0/sites/<site_id>/permissions`** with the following JSON payload:

```json
{
    "roles": [
        "read"
    ],
    "grantedToIdentities": [
        {
            "application": {
                "id": YOUR_TARGET_APPLICATION_ID,
                "displayName": "displayName"
            }
        }
    ]
}
```

<figure><img src="https://3232460952-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FIabFtGTeQzwfWCzp8vd6%2Fuploads%2FhyhhnERd1fgmDdTx8Jim%2FScreenshot%202025-09-24%20at%2014.01.08.png?alt=media&#x26;token=a5dc5305-6eaf-4cab-9032-113386c2c856" alt=""><figcaption></figcaption></figure>

## 5. Add Sharepoint site on Blockbrain platform

1. Continue with **`5. Configure SharePoint Integration in Blockbrain`** on [](https://docs.en.theblockbrain.ai/for-admins/classic-microsoft-integrations/create-a-sharepoint-connection/sharepoint-manual-site-setup "mention")