4

I need to map permissions for all SharePoint Online objects (Sites, Lists, List Items, Attachments, Files, Folders). It seems to be possible through the CSOM API, but haven't found anything similar in Microsoft Graph.

The following query successfully retrieves a requested item:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/items/{item ID}/

But the following query doesn't return the permissions as I expected:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/items/{item ID}/permissions

I received the following error:

{
    "error": {
        "code": "BadRequest",
        "message": "Resource not found for the segment 'permissions'.",
        "innerError": {
            "request-id": "ab9f4cfe-f0e1-433b-9767-96d4b3e58c59",
            "date": "2019-03-18T18:52:21"
        }
    }
}

The same error was received upon the following query as well:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/permissions

A year ago very similar question was asked, and the answer was that it is not possible.

Is it possible now? If yes then what am I doing wrong?

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
Natalie Polishuk
  • 183
  • 1
  • 12

2 Answers2

7

Neither the List or ListItem resource documentation shows permissions as a valid property or relationship.

If the List is a Document Library, then you can use the associated DriveItem to view it's permission collection:

GET /v1.0/sites/root/lists/{list-id}/items/{item-id}/driveitem/permissions

For example, executing /v1.0/sites/root/lists/eacf1ff2-7f98-4f71-963a-44e0cf35f608/items/4/driveitem/permissions in Graph Explorer returns:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('root')/lists('eacf1ff2-7f98-4f71-963a-44e0cf35f608')/items('4')/driveItem/permissions",
  "value": [
    {
      "id": "VGVhbSBTaXRlIE93bmVycw",
      "roles": ["owner"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Owners"
        }
      },
      "inheritedFrom": {}
    },
    {
      "id": "VGVhbSBTaXRlIFZpc2l0b3Jz",
      "roles": ["read"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Visitors"
        }
      },
      "inheritedFrom": {}
    },
    {
      "id": "VGVhbSBTaXRlIE1lbWJlcnM",
      "roles": ["write"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Members"
        }
      },
      "inheritedFrom": {}
    },
    //...
Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
  • Thank you for your response! Indeed the GET /v1.0/sites/root/lists/{list-id}/items/{item-id}/driveitem/permissions retrieved the permissions on the specific item. But is there a way to retrieve all permissions on the site, or specific list? – Natalie Polishuk Mar 19 '19 at 16:59
  • 1
    I'm afraid not. The `Drive` APIs support permissions but not the `Site` or `List` APIs. – Marc LaFleur Mar 19 '19 at 20:18
0

https://graph.microsoft.com/v1.0/sites/fa9c83ba-e4cb-43e7-b00d-cceb7a3a1ad4/lists/7b3815ab-5bd9-49f4-b99b-69bb8b7a62cf/items/1/driveitem/permissions

{
    "error": {
        "code": "invalidRequest",
        "message": "Cannot request driveItem for an item that is not in a document library",
        "innerError": {
            "date": "2021-03-02T07:46:28",
            "request-id": "ef9ca55a-74c0-4498-a040-2349ea03b2fe",
            "client-request-id": "29419c1b-b33e-ec2e-4ad4-b480779a86b2"
        }
    }
}
Nirmal Bagdia
  • 1
  • 1