Reputation: 193
Retrieving SharePoint Online objects permissions via Microsoft Graph API
I need to map permissions for all SharePoint Online objects (Sites, Lists, List Items, Attachments, Files, Folders). It seems to be possible through the CSOM API, but haven't found anything similar in Microsoft Graph.
The following query successfully retrieves a requested item:
https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/items/{item ID}/
But the following query doesn't return the permissions as I expected:
https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/items/{item ID}/permissions
I received the following error:
{
"error": {
"code": "BadRequest",
"message": "Resource not found for the segment 'permissions'.",
"innerError": {
"request-id": "ab9f4cfe-f0e1-433b-9767-96d4b3e58c59",
"date": "2019-03-18T18:52:21"
}
}
}
The same error was received upon the following query as well:
https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/permissions
A year ago very similar question was asked, and the answer was that it is not possible.
Is it possible now? If yes then what am I doing wrong?
Upvotes: 4
Views: 4366
Answers (2)
Reputation: 1
{
"error": {
"code": "invalidRequest",
"message": "Cannot request driveItem for an item that is not in a document library",
"innerError": {
"date": "2021-03-02T07:46:28",
"request-id": "ef9ca55a-74c0-4498-a040-2349ea03b2fe",
"client-request-id": "29419c1b-b33e-ec2e-4ad4-b480779a86b2"
}
}
}
Upvotes: 0
Reputation: 33094
Neither the List or ListItem resource documentation shows permissions as a valid property or relationship.
If the List is a Document Library, then you can use the associated DriveItem to view it's permission collection:
GET /v1.0/sites/root/lists/{list-id}/items/{item-id}/driveitem/permissions
For example, executing /v1.0/sites/root/lists/eacf1ff2-7f98-4f71-963a-44e0cf35f608/items/4/driveitem/permissions in Graph Explorer returns:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('root')/lists('eacf1ff2-7f98-4f71-963a-44e0cf35f608')/items('4')/driveItem/permissions",
"value": [
{
"id": "VGVhbSBTaXRlIE93bmVycw",
"roles": ["owner"],
"grantedTo": {
"user": {
"displayName": "Team Site Owners"
}
},
"inheritedFrom": {}
},
{
"id": "VGVhbSBTaXRlIFZpc2l0b3Jz",
"roles": ["read"],
"grantedTo": {
"user": {
"displayName": "Team Site Visitors"
}
},
"inheritedFrom": {}
},
{
"id": "VGVhbSBTaXRlIE1lbWJlcnM",
"roles": ["write"],
"grantedTo": {
"user": {
"displayName": "Team Site Members"
}
},
"inheritedFrom": {}
},
//...
Upvotes: 7
Related Questions
- Microsoft Graph API - List all permissions/scopes the user has logged in with
- Permissions from Graph API seem to be empty
- Retrieving permission IDs for Microsoft Graph API - Delegated / Application Permissions GUID for various Scopes
- Microsoft Graph API Get all Permissions for library
- MS Graph Api Read Users that gave permissions
- Given a Facebook access token, how can I get the permissions it has?
- How to retrieve application permissions for personal Microsoft Account in Microsoft Graph API
- Get list of apps or permissions for a user in Office 365
- Retrieving SharePoint site author and permissions through Graph API
- How to get Microsoft Graph APIs group related permissions with administrator's consent