Microsoft Graph API and SharePoint files permissions

Time:11-04

I am trying, with no success, to give read or write access to an existing user (Office 365) on a SharePoint drive folder.

With Graph Explorer the URL is like: https://graph.microsoft.com/v1.0/sites/{site id}/drive/items/{folder id}/permissions

I can get actual permissions with the GET method, but with the POST method and this body I get Invalid Request:

{
    "grantedToV2": {
        "user": {
            "id": "xxxxxxx",
            "displayName": "xxx xxx"
        }
    },
    "roles": [
        "read"
    ]
}

I tried with the PowerShell SDK and New-MgDriveItemPermission too, with no success.

Any help is welcome!

CodePudding user response:

In order to add permissions to an item you will have to make a POST request to the below endpoint:

https://graph.microsoft.com/v1.0/sites/{site-id}/drive/items/{folder-id}/invite

With the body containing all the info about the invitation request as the below example:

{
  "requireSignIn": false,
  "sendInvitation": false,
  "roles": [ "read | write"],
  "recipients": [
    {
        "email": "{email of the user}"
    }
 ],
  "message": "string"
}

If your request is successful, the response you will get back will be of the below format:

Status: 200

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(permission)",
    "value": [
        {
            "@odata.type": "#microsoft.graph.permission",
            "id": "<some id>",
            "roles": [
                "write"
            ],
            "grantedTo": {
                "user": {
                    "email": "<user>@<tenant>.onmicrosoft.com",
                    "id": "<some id>",
                    "displayName": "<user's display name>"
                }
            }
        }
    ]
}

Below I will share with you the code snippet I got from Graph Explorer after creating a successful request:

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var recipients = new List<DriveRecipient>()
{
    new DriveRecipient
    {
        Email =  "<user>@<tenant>.onmicrosoft.com"
    }
};

var message = "Here's the file that we're collaborating on.";

var requireSignIn = true;

var sendInvitation = true;

var roles = new List<String>()
{
    "write"
};

await graphClient.Sites["root"].Drive.Items["<folder-id>"]
    .Invite(recipients,requireSignIn,roles,sendInvitation,message,null,null,null)
    .Request()
    .PostAsync();

Notes

  1. You can find documentation about the endpoint here.
  2. If you try to add permissions to a Folder that inherits its permission model from the document library, you should watch out because in some cases if the user is not a member of the site groups, MS Graph might invoke unique permissions on the folder.
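An added example, not part of the answer above or of Microsoft's own code: it builds the /invite body with one concrete role (instead of the "read | write" placeholder) and then reviews a GET .../permissions listing for the effects note 2 warns about. The function names, the sample listing, the choice to force requireSignIn to true, and the reliance on the permission resource's inheritedFrom and link.scope properties being populated are assumptions.

```python
ALLOWED_ROLES = {"read", "write"}  # the two roles named in the answer's body

def build_invite_body(email, role, send_invitation=False, message=""):
    """Body for POST .../items/{folder-id}/invite: one user, one role."""
    if role not in ALLOWED_ROLES:
        raise ValueError(f"role must be one of {sorted(ALLOWED_ROLES)}, got {role!r}")
    if "@" not in email:
        raise ValueError("recipient must be an e-mail address")
    return {
        "requireSignIn": True,  # assumption: a named user should have to sign in
        "sendInvitation": send_invitation,
        "roles": [role],        # a single concrete role, least privilege
        "recipients": [{"email": email}],
        "message": message,
    }

def review_permissions(listing, email, expected_role):
    """Return (granted, findings) for a GET .../permissions response."""
    granted, findings = False, []
    for perm in listing.get("value", []):
        roles = perm.get("roles", [])
        link = perm.get("link") or {}
        if link.get("scope") == "anonymous":
            findings.append(f"{perm.get('id')}: anonymous link with roles {roles}")
        who = (perm.get("grantedToV2") or perm.get("grantedTo") or {}).get("user", {})
        if who.get("email", "").lower() != email.lower():
            continue
        if roles == [expected_role]:
            granted = True
        else:
            findings.append(f"{perm.get('id')}: {email} has {roles}, expected {[expected_role]}")
        if not perm.get("inheritedFrom"):  # assumption: absent means a unique grant
            findings.append(f"{perm.get('id')}: direct grant on the folder (not inherited)")
    return granted, findings

# Constructed sample listing (not real tenant data).
SAMPLE = {"value": [
    {"id": "p1", "roles": ["write"], "inheritedFrom": {"id": "parent"},
     "grantedToV2": {"siteGroup": {"displayName": "Members"}}},
    {"id": "p2", "roles": ["read"],
     "grantedToV2": {"user": {"email": "alice@example.com", "displayName": "Alice"}}},
    {"id": "p3", "roles": ["read"], "link": {"scope": "anonymous", "type": "view"}},
]}

if __name__ == "__main__":
    print(build_invite_body("alice@example.com", "read"))
    print(review_permissions(SAMPLE, "alice@example.com", "read"))
```

Running the review before and after the invite and comparing the findings shows whether the folder picked up a direct grant it did not have before.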