
Objective: To retrieve all items from a SharePoint site and their associated permissions (e.g., users, groups, site groups).

Our Approach:

1. Tracking changes: We use the endpoint /drives/{drive-id}/root/delta as documented here.

2. Fetching permissions for each item: For every item retrieved in Step 1, we call /drives/{drive-id}/items/{item-id}/permissions as per this documentation.

3. Permissions configuration:

  • Delegated Permissions: Files.Read.All, Sites.Read.All, User.ReadBasic.All, User.Read, GroupMember.Read.All, offline_access, email. Application Permission: Files.Read.All.

User Context:

  • The user account making these requests via graph.microsoft is limited to "Visitor" rights in SharePoint (part of a Visitor site group).
  • We cannot provide this user with permissions beyond "Read" in SharePoint or Azure. Similarly, we cannot grant our Azure App any Application permissions beyond "Read".

The Problem:

  • While the user is able to read SharePoint items successfully, the /drives/{drive-id}/items/{item-id}/permissions endpoint consistently returns an empty result. It seems the user does not have sufficient access to retrieve item permissions data.

Request for Assistance:

  • Is it possible to retrieve item permissions data under the constraints described (i.e., user with only "Read" rights in SharePoint and no additional Application permissions in Azure)?
  • If this is not possible, could you clarify the minimal set of permissions and/or configuration required to achieve our goal?
  • Are there any alternative approaches within the scope of our constraints that you recommend for retrieving SharePoint item permissions?

We managed to make this work; however, we had to use Sites.FullControl.All, which we cannot be provided with in this situation.
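Added example, not code from the original post: a Python sketch of the two-step walk described above (delta pages followed via @odata.nextLink until a @odata.deltaLink is returned, then one permissions call per item), run against constructed in-memory responses standing in for authenticated Graph calls. The drive id, item ids and grantee values are made up, and an empty permissions result is flagged as unverified because, as the post observes, it looks the same as "no access".

```python
import json
from typing import Callable, Dict, List, Tuple

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample Graph responses keyed by URL; a stand-in for authenticated HTTP GETs.
FAKE_RESPONSES = {
    f"{GRAPH}/drives/d1/root/delta": {
        "value": [{"id": "root", "name": "root", "root": {}},
                  {"id": "item1", "name": "Budget.xlsx"}],
        "@odata.nextLink": f"{GRAPH}/drives/d1/root/delta?token=p2",
    },
    f"{GRAPH}/drives/d1/root/delta?token=p2": {
        "value": [{"id": "item2", "name": "Plans.docx"}],
        "@odata.deltaLink": f"{GRAPH}/drives/d1/root/delta?token=final",
    },
    f"{GRAPH}/drives/d1/items/item1/permissions": {"value": [
        {"roles": ["read"], "grantedToV2": {"siteGroup": {"displayName": "Visitors"}}},
        {"roles": ["write"], "grantedToV2": {"user": {"email": "alice@example.test"}}},
    ]},
    f"{GRAPH}/drives/d1/items/item2/permissions": {"value": []},
}

def fake_get(url: str) -> dict:
    return FAKE_RESPONSES[url]

def walk_delta(drive_id: str, get: Callable[[str], dict]) -> Tuple[List[dict], str]:
    """Follow @odata.nextLink pages until @odata.deltaLink; return items and the delta link."""
    url, items, delta_link = f"{GRAPH}/drives/{drive_id}/root/delta", [], ""
    while url:
        page = get(url)
        items.extend(i for i in page.get("value", []) if "root" not in i)  # skip the root folder entry
        delta_link = page.get("@odata.deltaLink", delta_link)  # keep for the next incremental sync
        url = page.get("@odata.nextLink")
    return items, delta_link

def audit_permissions(drive_id: str, get: Callable[[str], dict]) -> Dict[str, dict]:
    """Per item: (grantee kind, grantee, roles) triples; an empty list is marked unverified."""
    report = {}
    for item in walk_delta(drive_id, get)[0]:
        perms = get(f"{GRAPH}/drives/{drive_id}/items/{item['id']}/permissions").get("value", [])
        grants = [(kind, who.get("displayName") or who.get("email"), tuple(p.get("roles", [])))
                  for p in perms for kind, who in p.get("grantedToV2", {}).items()]
        # An empty result cannot be told apart from "caller lacks rights" (the symptom in the post)
        report[item["id"]] = {"name": item["name"], "grants": grants, "verified": bool(grants)}
    return report

if __name__ == "__main__":
    print(json.dumps(audit_permissions("d1", fake_get), indent=2))
```

Items reported with `verified: false` are the ones to re-check with an identity that holds enough rights, rather than treating them as having no sharing.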
