Graph API : List Permissions returns empty [] array for a file from SharePoint

sharepoint test 0 Reputation points
2024-05-03T06:50:55.75+00:00

Hi All,

I have configured an Azure App and almost all permissions as delegated for Graph and SharePoint (I have given the application level as well, however that won't be applicable here, I think).

When I am trying to use the endpoint `GET /drives/{drive-id}/items/{item-id}/permissions`,
I am getting empty [] permissions in the following scenarios:

  1. The user for which I am getting the token to access the file permission is not part of any group in SharePoint and the file has not been shared with him.
  2. The user is part of the group however the group has read permission only and not edit permission.

When I provide "edit" permission to the group the user is part of, the above endpoint starts giving permissions.

Could you please suggest the following:

Q1. Users for which the Azure app has been configured using a delegated account should either have direct edit access to the files or should be part of group which has edit access?

Q2. Is there a way I can create a user or a group with edit permission for all the sites under the root site so that the user can access all the file's permissions?


1 answer

  1. RaytheonXie_MSFT 32,081 Reputation points Microsoft Vendor
    2024-05-06T02:36:02.28+00:00

    Hi @sharepoint test ,

    You will need a delegated account with direct edit access to the files to list the permissions of the item. If you are Delegated (work or school account), it will support the Sites.ReadWrite.All permission. And if you are Delegated (personal Microsoft account), it's not supported to create the Sites.ReadWrite.All permission.

    Here is the document for reference

    https://learn.microsoft.com/en-us/graph/api/driveitem-list-permissions?view=graph-rest-1.0&tabs=http


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
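
A diagnostic sketch for the situation in this thread, added here as an example and not taken from the question, the answer, or Microsoft's documentation: it separates "the token lacks the scope" from "the scope is present but the call returned `[]`", which is the case the question describes. It assumes the access token is a JWT carrying delegated scopes in `scp` and application permissions in `roles`; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Scope named in the answer above (assumption: it is the one to check for).
EXPECTED_SCOPE = "Sites.ReadWrite.All"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for offline testing."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}."


def token_claims(token: str) -> dict:
    """Decode the payload only. No signature check: diagnostics, not authentication."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, status: int, body: dict) -> dict:
    """Classify a response from GET /drives/{drive-id}/items/{item-id}/permissions."""
    claims = token_claims(token)
    scopes = claims.get("scp", "").split()  # delegated scopes: space-separated string
    roles = claims.get("roles", [])         # application permissions: list
    report = {
        "flow": "delegated" if scopes else "app-only" if roles else "unknown",
        "has_expected_scope": EXPECTED_SCOPE in scopes or EXPECTED_SCOPE in roles,
    }
    if status != 200:
        report["result"] = "error"
    elif body.get("value"):
        report["result"] = "permissions-returned"
    else:
        # HTTP 200 with an empty list: the case reported in this thread, where
        # the scope is consented but the signed-in user lacks edit access.
        report["result"] = "empty"
        report["check_user_access"] = report["flow"] == "delegated"
    return report


# Constructed sample: delegated token that has the scope, response body is [].
SAMPLE = make_sample_token({"upn": "user@contoso.example",
                            "scp": "Files.Read Sites.ReadWrite.All"})
print(diagnose(SAMPLE, 200, {"value": []}))
```

A report with `has_expected_scope` true and `result` set to `empty` points at the signed-in user's access to the item rather than at the app registration.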