It appears you are mixing up Microsoft’s 2 different types of Oauth.
- Administrator grants are associated with an “application” permission type (no specific user logs in)
- Delegated permissions are associated with each specific user logging in through an application.
Delegated Type
If you have created a “system” user for “delegated” Oauth access, that user must be granted permission to access the specific files/folders. Then, if you.
- “connect” your
Microsoft Graph Security Oauth2 APICredentials item, using that “system” user - accept all the granted (delegated) permissions
- the node functions should work without getting 401/403/etc.
Application Type
If you need to use the “application” type Oauth
- Create a generic
OAuth2 APIcredential type, set theGrant TypetoClient Credentials - configure the
Access Token URL,Client ID, etc. - There is no user associated with this type of credential, so granting granular permissions to a particular user won’t affect anything.