We have a SharePoint site where users can only create and edit files indirectly, via an application that updates the site using Graph API calls using app permissions.
This means that the files are listed as having been created and updated by the app. It would be better if the files were listed as created by the users who created them, which would be possible by using delegated permissions instead of application permissions. However, we do not want to grant permissions to add documents to the site directly, so I am not sure we can give them permissions to add documents only via graph API calls?
Is this possible?