graph api share drive item without Files.Read permissions

0
votes

This is my scenario:

I have an app that needs a shared folder for user A and user B. So when the app starts, user A create an App Folder (user has only "Files.ReadWrite.AppFolder" permisions). In this folder I create a new drive item and set the permissions via invite for user B.

Now user B wants to access this drive item, but I get an access denied. Only when I set the scope to "Files.Read" it's working (this is the minimum permissions according to the docs), but I don't want to access all the files of the users drive.

Does anybody know if this scenario is even possible with the graph api or is there an other approach to accomplish this?

1
microsoft-graph-apionedrive

1 Answers

0
votes

According to your description, I assume you want to share some files to someone who is not in your organization.

I think we can create a sharelink for a file when we create it by using the following API: /sites/{siteId}/drive/items/{itemId}/createLink

In the body, we can set the scope property to organization. Then the User B will get the shared file only.

According to this document, we can create an sharelink to someone including he outside of your organization.