Sites.FullControl.All

Allows the application to have full control of all site collections on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the Sites.FullControl.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	a82116e5-55eb-4c41-a434-62fe8a61c773	5a54b8b3-347c-476d-8f8e-42d5c7424d29
DisplayText	Have full control of all site collections	Have full control of all site collections
Description	Allows the app to have full control of all site collections without a signed in user.	Allows the application to have full control of all site collections on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

• API [v1.0]
• API [beta]
• PowerShell [v1.0]
• PowerShell [beta]

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /driveitem/retentionLabel
	DELETE /drives/{drive-id}/items/{item-id}/retentionLabel
	DELETE /sites/{site-id}/columns/{column-id}
	DELETE /sites/{site-id}/contentTypes/{contentType-id}
	DELETE /sites/{site-id}/contentTypes/{contentType-id}/columns/{column-id}
	DELETE /sites/{site-id}/lists/{list-id}/columns/{column-id}
	DELETE /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}
	DELETE /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns/{column-id}
	DELETE /sites/{siteId}/lists/{listId}/items/{itemId}/documentSetVersions/{documentSetVersionId}
	DELETE /sites/{sitesId}/permissions/{permissionId}
	GET /sites/{site-id}/columns
	GET /sites/{site-id}/columns/{column-id}
	GET /sites/{site-id}/contentTypes
	GET /sites/{site-id}/contentTypes/{contentType-id}
	GET /sites/{site-id}/contentTypes/{contentType-id}/columns
	GET /sites/{site-id}/contentTypes/{contentType-id}/columns/{column-id}
	GET /sites/{site-id}/lists/{list-id}/columns
	GET /sites/{site-id}/lists/{list-id}/columns/{column-id}
	GET /sites/{site-id}/lists/{list-id}/contentTypes
	GET /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}
	GET /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns
	GET /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns/{column-id}
	GET /sites/{siteId}/contentTypes/{contentTypeId}/isPublished
	GET /sites/{siteId}/contentTypes/getCompatibleHubContentTypes
	GET /sites/{siteId}/getApplicableContentTypesForList
	GET /sites/{siteId}/lists/{listId}/contentTypes/getCompatibleHubContentTypes
	GET /sites/{siteId}/lists/{listId}/items/{itemId}/documentSetVersions
	GET /sites/{siteId}/lists/{listId}/items/{itemId}/documentSetVersions/{documentSetVersionId}
	GET /sites/{siteId}/lists/{listId}/operations
	GET /sites/{siteId}/lists/{listId}/operations/{richLongRunningOperation-ID}
	GET /sites/{siteId}/operations
	GET /sites/{siteId}/operations/{richLongRunningOperation-ID}
	GET /sites/{sitesId}/permissions
	GET /sites/{sitesId}/permissions/{permissionId}
	GET /sites/delta
	PATCH /sites/{site-id}/columns/{column-id}
	PATCH /sites/{site-id}/contentTypes/{contentType-id}
	PATCH /sites/{site-id}/contentTypes/{contentType-id}/columns/{column-id}
	PATCH /sites/{site-id}/lists/{list-id}/columns/{column-id}
	PATCH /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}
	PATCH /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns/{column-id}
	PATCH /sites/{sitesId}/permissions/{permissionId}
	POST /sites/{site-id}/columns
	POST /sites/{site-id}/contentTypes
	POST /sites/{site-id}/contentTypes/{contentType-id}/columns
	POST /sites/{site-id}/items/{item-id}/versions/{version-id}/restoreVersion
	POST /sites/{site-id}/lists/{list-id}/columns
	POST /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns
	POST /sites/{site-id}/lists/{list-id}/contentTypes/addCopy
	POST /sites/{site-id}/lists/{list-id}/items/{item-id}/versions/{version-id}/restoreVersion
	POST /sites/{siteId}/contentTypes/{contentTypeId}/associateWithHubSites
	POST /sites/{siteId}/contentTypes/{contentTypeId}/copyToDefaultContentLocation
	POST /sites/{siteId}/contentTypes/{contentTypeId}/publish
	POST /sites/{siteId}/contentTypes/{contentTypeId}/unpublish
	POST /sites/{siteId}/contentTypes/addCopyFromContentTypeHub
	POST /sites/{siteId}/lists/{listId}/contentTypes/addCopyFromContentTypeHub
	POST /sites/{siteId}/lists/{listId}/items/{itemId}/documentSetVersions
	POST /sites/{siteId}/lists/{listId}/items/{itemId}/documentSetVersions/{documentSetVersionId}/restore
	POST /sites/{sitesId}/permissions

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

• columnDefinition
• contentType
• createFromPageTemplate
• documentSetVersion
• drive
• driveItem
• fileStorageContainer
• identity
• itemReference
• List
• listItem
• pageTemplate
• Permission
• richLongRunningOperation
• sharePointGroup
• site
• sitePage
• workbookNamedItem

Graph reference: columnDefinition