question

Adam-9931 avatar image
0 Votes"
Adam-9931 asked ZehuiYaoMSFT-7151 edited

Why am I only getting sharepoint groups when requesting a DriveObject's permissions

I am calling /drives/<drive-id>/items/<item-id>?expand=listItem,permissions and am only getting sharepoint groups listed in the file's permissions. There are microsoft 365 groups assigned to the sharepoint site and I have seen the corresponding 365 group listed in this very permissions list before, but it seems to have disappeared.

The scope of the access token I am using is:
User.ReadBasic.All+Group.Read.All+Directory.AccessAsUser.All+Files.Read+Files.Read.All+Sites.Read.All+offline_access

sharepoint-devmicrosoft-graph-files
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JanardhanaVedham-MSFT avatar image
1 Vote"
JanardhanaVedham-MSFT answered JanardhanaVedham-MSFT edited

Hi @Adam-9931 ,

I have verified the below Microsoft Graph API end points and both returns permissions object/resource in API response.

GET /drives/{drive-id}/items/{item-id}?expand=listItem,permissions
GET /drives/{drive-id}/items/{item-id}/permissions

However as mentioned in this permissions resource documentation, grantedTo property will return IdentitySet and the IdentitySet resource and it's supported properties are application,device and user. M365 Group is no more supported property of IdentitySet and hence you might be seeing the difference in response.

197598-image.png

Please note the below 2 important points on permissions resource type :

  1. As mentioned here, grantedTo and grantedToIdentities will be deprecated going forward and the response will be migrated to grantedToV2 and grantedToIdentitiesV2 respectively under appropriate property names.

197672-image.png

2.As mentioned here, grantedToV2 propery will return SharePointIdentitySet resource and currently it supports siteUser (i.e,SharePoint user) and siteGroup (i.e., SharePoint group) properies. It does not support or return M365 group property.

197606-image.png

Hope this helps.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have any further questions about this answer, please click "Comment".



image.png (59.4 KiB)
image.png (46.6 KiB)
image.png (8.8 KiB)
· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the response. With this change, how can I get a M365 group that is assigned to a Sharepoint Site? Is there no way to do this now?

0 Votes 0 ·

I am also trying /sites/<site-id>/permissions and getting a blank array for the value.

0 Votes 0 ·

Hi @Adam-9931 ,

Thanks for your reply. Please find the clarifications on your follow up questions :

  1. As mentioned above, Drive Item List Permissions API currently returns and supports siteUser (i.e,SharePoint user) and siteGroup (i.e., SharePoint group) properties and it does not support or return M365 group property.

  2. SharePoint List Permissions AP ( GET /sites/{sitesId}/permissions ) returns the permissions granted to an registered azure AD app on a SharePoint site. Example : App is registered in Azure AD and permissions granted to that app(s) on a given SharePoint site will be returned as part this API response.

  3. For getting group associated to teams or SharePoint site and you try using Groups Graph API :

List Groups : GET https://graph.microsoft.com/v1.0/groups
Get Group : GET https://graph.microsoft.com/v1.0/groups/{group-id}

Hope this helps.

If the above provided answer is helpful to you, please click "Accept Answer" and kindly upvote it, so that it will also useful for other community users. If you have any further questions about this answer, please click "Comment".

0 Votes 0 ·
Show more comments