Microsoft Graph API - File permissions (User vs. Groups)

Saad Bahir 5 Reputation points
2024-04-16T12:07:20.32+00:00

Hello,

We are trying to check if a given user has access to a SharePoint file (ideally with the permission too)

We use the File.ReadAll permission.

Unfortunately for SharePoint, when we use the Permissions endpoint we get Groups permissions.

The Groups Permissions don't disclose either the Group ID or the users that are within that Group

I also use this endpoint to find which Groups the user is part of but:

  • it only provides the ID for each group (the rest of the fields are null)
  • the group Id doesn't match the field grantedToV2.siteGroup.id either => grantedToV2.siteGroup.id looks like an id while groupId is a uuid

  {
    "@deprecated.GrantedTo": "GrantedTo has been deprecated. Refer to GrantedToV2",
    id: "SOME-SHARE-ID",
    roles: [
      "write",
    ],
    shareId: "SOME-SHARE-ID",
    grantedToV2: {
      siteGroup: {
        "@odata.type": "#microsoft.graph.sharePointIdentity",
        displayName: "SOME DISPLAY NAME",
        id: "6",
        loginName: "SOME DISPLAY NAME",
      },
    },
    grantedTo: {
      user: {
        displayName: "SOME DISPLAY NAME",
      },
    },
    inheritedFrom: {
    },
  },

Ideally I want to keep the current permissions (Files.ReadAll) for security reasons

But I need to understand what is the ID grantedToV2.siteGroup.id and how can I map it to the list of groups the user belongs to


1 answer

  1. RaytheonXie_MSFT 31,376 Reputation points Microsoft Vendor
    2024-04-17T03:00:32.12+00:00

    Hi @Saad Bahir,

    As mentioned here, the grantedToV2 property will return a SharePointIdentitySet resource, and currently it supports the siteUser (i.e., SharePoint user) and siteGroup (i.e., SharePoint group) properties. It does not support or return an M365 group property.


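
An added example, not code from either poster or from Microsoft: a small access-review helper that sorts permission entries like the one quoted in the question and reports a siteGroup grant as "unknown" instead of "no access", since its id cannot be matched against the user's directory group UUIDs. The function names, the second sample entry and all UUIDs are constructed for illustration; handling of a `group` identity is an assumption.

```javascript
// Sample data is constructed, modelled on the response quoted in the question.
const samplePermissions = [
  { id: "SOME-SHARE-ID", roles: ["write"],
    grantedToV2: { siteGroup: { displayName: "SOME DISPLAY NAME", id: "6",
                                loginName: "SOME DISPLAY NAME" } } },
  { id: "constructed-2", roles: ["read"],
    grantedToV2: { user: { displayName: "Constructed User",
                           id: "11111111-1111-1111-1111-111111111111" } } },
];

// userId / userGroupIds: directory object IDs (UUIDs) looked up separately.
function classifyPermissions(permissions, userId, userGroupIds) {
  const groups = new Set(userGroupIds.map((g) => g.toLowerCase()));
  const result = { direct: [], viaDirectoryGroup: [], unresolvedSiteGroups: [] };
  for (const p of permissions) {
    const who = p.grantedToV2 || {};
    const roles = p.roles || [];
    if (who.user && who.user.id &&
        who.user.id.toLowerCase() === userId.toLowerCase()) {
      result.direct.push({ permissionId: p.id, roles });
    } else if (who.group && who.group.id &&
               groups.has(who.group.id.toLowerCase())) {
      // Assumption: a directory group identity, when present, carries a UUID.
      result.viaDirectoryGroup.push({ permissionId: p.id, roles });
    } else if (who.siteGroup) {
      // siteGroup.id is a SharePoint group id ("6" in the question), not a
      // directory UUID, so it cannot be compared with userGroupIds.
      result.unresolvedSiteGroups.push({
        permissionId: p.id, roles,
        siteGroupId: who.siteGroup.id, loginName: who.siteGroup.loginName });
    }
  }
  return result;
}

// "granted" only when proven; "unknown" while a site group grant is unresolved.
function accessVerdict(c) {
  if (c.direct.length || c.viaDirectoryGroup.length) return "granted";
  return c.unresolvedSiteGroups.length ? "unknown" : "none";
}
```

Treating "unknown" as a separate outcome keeps an access review from reporting a false "no access" for users who reach the file only through a SharePoint group.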