Edit

Get sharing permission for a file or folder

  • Article

Namespace: microsoft.graph

Return the effective sharing permission for a particular permission resource.

Effective permissions of an item can come from two sources: permissions set directly on the item itself or permissions that are inherited from the item's ancestors.

Callers can differentiate if the permission is inherited or not by checking the inheritedFrom property. This property is an ItemReference resource referencing the ancestor that the permission is inherited from.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Files.Read Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
Delegated (personal Microsoft account) Files.Read Files.ReadWrite, Files.Read.All, Files.ReadWrite.All
Application Files.Read.All Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All

HTTP request

GET /drives/{drive-id}/items/{item-id}/permissions/{perm-id}
GET /groups/{group-id}/drive/items/{item-id}/permissions/{perm-id}
GET /me/drive/items/{item-id}/permissions/{perm-id}
GET /sites/{site-id}/drive/items/{item-id}/permissions/{perm-id}
GET /users/{user-id}/drive/items/{item-id}/permissions/{perm-id}

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.

Optional query parameters

This method support the $select query parameter to shape the response.

Response

If successful, this method returns a 200 OK response code and Permission resource in the response body.

Example

Request

The following example shows a request to access a permission on a folder.

GET /me/drive/items/{item-id}/permissions/{perm-id}

Response

If successful, this method returns a Permission resource for the specified ID.

HTTP/1.1 200 OK
Content-type: application/json

{
  "@deprecated.GrantedTo": "GrantedTo has been deprecated. Refer to GrantedToV2",
  "grantedTo": {
    "user": {
      "displayName": "Robin Danielsen",
      "id": "efee1b77-fb3b-4f65-99d6-274c11914d12"
    }
  },
  "grantedToV2": {
    "user": {
      "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
      "displayName": "Robin Danielsen"
    },
    "siteUser": {
      "id": "1",
      "displayName": "Robin Danielsen",
      "loginName": "Robin Danielsen"
    }
  },
  "id": "1",
  "roles": [ "write" ]
}

Remarks

The Permission resource uses facets to provide information about the kind of permission represented by the resource.

Permissions with a link facet represent sharing links created on the item. Sharing links contain a unique token that provides access to the item for anyone with the link.

Permissions with a invitation facet represent permissions added by inviting specific users or groups to have access to the file.

Error responses

Read the Error Responses topic for more information about how errors are returned.