Hi,
In most of the code that I am scanning across to upload a file into SharePoint via service principal, the sites.readwriteAll application permission is being provided to the app.
But that is the highest privilege that an app would get across all SharePoint sites, and we need to restrict it to a single SharePoint site to which the app has been given access.
So can someone share the Fabric notebook code to upload a file into SharePoint via service principal authentication with least privilege?
We would like to confirm if you've successfully resolved this issue or if you need further help. If you still have any questions or need more support, please feel free to let us know.
If we don’t hear back, we’ll go ahead and close this thread. For any further discussions or questions, please start a new thread in the Microsoft Fabric Community Forum; we’ll be happy to assist.
Thank you for being part of the Microsoft Fabric Community.
As we haven’t heard back from you, we wanted to kindly follow up to check if there is any progress on the above-mentioned issue. Let me know if you still need any further help here.
Thanks,
Prashanth Are
MS Fabric community support
```python
import requests
from msal import ConfidentialClientApplication

client_id = 'YOUR-CLIENT-ID'
client_secret = 'YOUR-CLIENT-SECRET'
tenant_id = 'YOUR-TENANT-ID'
authority = f'https://login.microsoftonline.com/{tenant_id}'
scope = ['https://graph.microsoft.com/.default']

# Client-credentials flow: acquire an app-only token for Microsoft Graph.
app = ConfidentialClientApplication(client_id, authority=authority, client_credential=client_secret)
token = app.acquire_token_for_client(scopes=scope)
if 'access_token' not in token:
    # MSAL returns an error dict instead of raising when the request fails.
    raise RuntimeError(f"Token request failed: {token.get('error')}: {token.get('error_description')}")

headers = {
    'Authorization': f"Bearer {token['access_token']}",
    'Content-Type': 'text/plain'
}
file_content = 'Hello SharePoint!'
# Replace {site-id} and {drive-id} with the IDs of the target site and document library.
upload_url = 'https://graph.microsoft.com/v1.0/sites/{site-id}/drives/{drive-id}/root:/Folder/File.txt:/content'
response = requests.put(upload_url, headers=headers, data=file_content)
print(response.status_code, response.json())
```
@wardy912: Thank you for your response. Can you please let me know what API permission is needed for the Service Principal for the above code?
The above requires Microsoft Graph > Application Permission: Sites.Selected.
This permission restricts the app to only the sites it is explicitly granted access to.
After assigning Sites.Selected, you must use SharePoint PowerShell (Set-SPOSite) to allow the app write access to the specific site.
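A pre-upload check for the least-privilege goal discussed in this thread, as an added example that is not part of any post above: it inspects the `roles` claim of the app-only Graph token and reports any tenant-wide SharePoint or file permission still granted alongside Sites.Selected. It assumes the token is a JWT whose `roles` claim lists the granted application permissions; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Tenant-wide Graph application permissions that defeat per-site scoping.
BROAD_SITE_ROLES = {
    "Sites.Read.All", "Sites.ReadWrite.All",
    "Sites.Manage.All", "Sites.FullControl.All",
    "Files.Read.All", "Files.ReadWrite.All",
}

def token_claims(access_token):
    """Decode the JWT payload for inspection only (no signature check)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_site_roles(access_token):
    """Return (ok, findings) for an app-only Microsoft Graph token."""
    roles = set(token_claims(access_token).get("roles", []))
    findings = [f"tenant-wide permission present: {r}"
                for r in sorted(roles & BROAD_SITE_ROLES)]
    if "Sites.Selected" not in roles:
        findings.append("Sites.Selected missing from roles claim")
    return (not findings, findings)

def _constructed_token(roles):
    """Build an unsigned sample token; constructed data, not a real token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    payload = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([enc({"alg": "none"}), enc(payload), "sig"])

if __name__ == "__main__":
    for roles in (["Sites.Selected"],
                  ["Sites.Selected", "Sites.ReadWrite.All"]):
        print(roles, audit_site_roles(_constructed_token(roles)))
```

In the notebook, call `audit_site_roles(token['access_token'])` before the upload and stop if `ok` is false, so a leftover broad grant on the app registration is caught before the token is used.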