CODEWITHSUNDEEP
azuresharepointazure-active-directoryonedrive
mark
mark

Reputation: 2063

MS Graph API Permissions for OneDrive Upload

I'm trying to automate file uploads to OneDrive by doing a PUT to /drives/{drive-id}/items/{item-id}:/myfile.txt:/content. I've registered an application in Azure Active Directory but cannot figure out what permission/API I need to grant to be able to upload files. Additionally, I would like to only grant permission to the application to upload to a specific folder.

I should note that I do NOT want a delegate permission to upload files on behalf of a user - this is an automated job and won't be associated with a real user.

enter image description here

Upvotes: 3

Views: 2644

Answers (2)

Jorge Valvert
Jorge Valvert

Reputation: 986

The administrator can't give the permission for an specific user, but the complete directory , by doing this the application will have access to all drives across the directory , which may represent a security breach.

The workaround to solve this security problem is to create another directory, with the users who will share its drives and then grant the admin consent in the registered app, with the files.readwrite.all permissions.

Upvotes: 0

Sa Yang
Sa Yang

Reputation: 9401

You can add Microsoft Graph as the API and add Files.ReadWrite.All, Sites.ReadWrite.All in Application permissions. You can choose permissions from least to most privileged in two.

NOTE: Files.ReadWrite.All: its Display string in Application permissions is :Allows the app to read, create, update, and delete all files in all site collections without a signed in user.

This permission requires admin consent, so you need to use an admin account and click Grant permission button after adding this permission.

You can see the permissions for Uploading or replace the contents of a DriveItem in this documentation.

Upvotes: 2

Related Questions