I am looking to see how I can get a list of all users, and groups, and users within groups, that have permissions to Libraries within Sharepoint.
I am trying to use MS Graph, but I am open to using the graph or the sharepoint rest api.
Any help would be appreciated!
Apparently the library I am trying to get these permissions for are in a "Web".
I have tried to use graph to find this "web", which I had thought was like a subsite, but have no idea how to find this in graph.
I can get to the "web" in the sharepoint rest api, and I can iterate through the library, but cannot seem to get all the users and groups that have permissions for said library.
My preference is the graph as I am moving pretty much anything I have that is connected to azure through graph, but at this point, either approach is fine.
Hi @RickDoll-0939,
According to my research and testing, you can follow these Graph API and Rest API to get SharePoint library permissions:
Graph API: GET /sites/{siteId}/drive/items/{itemId}/permissions
Rest API: GET _api/Web/lists/getByTitle('listtitle')/RoleAssignments?$expand=Member,RoleDefinitionBindings
More information is here:
Rest API: Get permission for any site and lists in SharePoint using Rest Api
Graph API: Get permission using Graph API
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @RickDoll-0939,
I am checking to see if the problem has been resolved. If you have any questions or progress, you can contact me in time.
Partially.
I was not able to get it to work through the graph, but I was able to get it to mostly work through the sharepoint api.
I will mark yours's as the answer.
Hi @RickDoll-0939,
Currently using Graph API, you can either get site permission and get drive item permissions, fetching permissions for list or library is not supported. You can upvote this feature request for list permissions user voice.
You can get subsite using GET /sites/domain.sharepoint.com:/{sitecoll}/{subsite}
Get all lists from a subsite GET /sites/domain.sharepoint.com:/{sitecoll}/{subsite}:/lists,
Drives GET /sites/domain.sharepoint.com:/{sitecoll}/{subsite}:/drives
Using SharePoint REST APIs you can get permissions for a site, list, library, item as well.
https://domain.sharepoint.com/sites/{sitecoll}/{subsite}/_api/web/lists/GetByTitle('{listTitle}')/RoleAssignments?$expand=Member
Refrences:
Hope this helps.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".
Hi,
On my side, when using the Graph API, I got a HTTP 400 error with this message:
{
"error": {
"code": "notSupported",
"message": "Operation not supported",
"innerError": {
"date": "2022-05-16T16:28:16",
"request-id": "c5121712-c485-4176-a827-8481a454c9ba",
"client-request-id": "e5f42bb8-5c4c-3329-fce4-0e77a9637233"
}
}
}
It was working a few days ago and now it is not working anymore...
Any changes on the Graph API side?
Hi @dgrmiddleway,
Can you share the Graph API which you are using.
In view of PII, We are unable to check logs based on request-id on community forums. Please raise a support case with Microsoft Graph from the tenant where the issue is happening, a specialized Support Engineer will be able to assist you better.
You can raise technical support request from https://aad.portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview or https://admin.microsoft.com/#/support/requests
Hope this helps.
We are using this API :
https://graph.microsoft.com/v1.0/sites/<host>.sharepoint.com,<siteid>/lists/<listid>/items?expand=fields(select=id,Title)&select=id&$filter=fields/Modified ge '2022-04-15T09:29:37.3541196Z' (this operation in the doc: listitem-list).
But we also tried to call this API https://graph.microsoft.com/v1.0/sites/<host>.sharepoint.com,<siteid>/permissions and we have an error telling that the operation is not supported... But it was working in the past (this operation in the doc: site-list-permissions).
@dgrmiddleway, This is supported only by application permission scope, hope you are using application permission not delegated scope.
https://docs.microsoft.com/en-us/graph/api/site-list-permissions?view=graph-rest-1.0&tabs=http
In fact, the API call was the right one, but there was an error in the Graph API after a recent deployment made by Microsoft, as explained in this post: the-34sitesselected34-permission-is-not-working-an.html
6 people are following this question.
