Update sharing permission

Update the properties of a sharing permission by patching the permission resource.

Only the roles property can be modified this way.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Files.ReadWrite, Files.ReadWrite.All, Sites.ReadWrite.All
Delegated (personal Microsoft account) Files.ReadWrite, Files.ReadWrite.All
Application Files.ReadWrite.All, Sites.ReadWrite.All

HTTP request

PATCH /drives/{drive-id}/items/{item-id}/permissions/{perm-id}
PATCH /groups/{group-id}/drive/items/{item-id}/permissions/{perm-id}
PATCH /me/drive/items/{item-id}/permissions/{perm-id}
PATCH /sites/{site-id}/drive/items/{item-id}/permissions/{perm-id}
PATCH /users/{user-id}/drive/items/{item-id}/permissions/{perm-id}

Optional request headers

Name Type Description
if-match string If this request header is included and the eTag (or cTag) provided does not match the current tag on the item, a 412 Precondition Failed response is returned and the item will not be deleted.

Request body

In the request body, supply the values for relevant fields that should be updated.

Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

Property Type Description
roles String collection An array of permission types.


If successful, this method returns a 200 OK response code and updated permission object in the response body.


Here is an example of the request that changes the role on the sharing permission to read-only.

PATCH /me/drive/items/{item-id}/permissions/{perm-id}
Content-type: application/json

  "roles": [ "read" ]


If successful, this method returns a Permission resource in the response body that represents the updated state of the permission.

HTTP/1.1 200 OK
Content-type: application/json

  "grantedTo": {
    "user": {
      "displayName": "Ryan Gregg",
      "id": "efee1b77-fb3b-4f65-99d6-274c11914d12"
  "id": "1",
  "roles": [ "read" ]

SDK sample code

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var permission = new Permission
	Roles = new List<String>()

await graphClient.Me.Drive.Items["{item-id}"].Permissions["{perm-id}"]

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.

Error responses

Read the Error Responses topic for more information about how errors are returned.