Retrieving SharePoint Online objects permissions via Microsoft Graph API

3
votes

I need to map permissions for all SharePoint Online objects (Sites, Lists, List Items, Attachments, Files, Folders). It seems to be possible through the CSOM API, but haven't found anything similar in Microsoft Graph.

The following query successfully retrieves a requested item:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/items/{item ID}/

But the following query doesn't return the permissions as I expected:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/items/{item ID}/permissions

I received the following error:

{
    "error": {
        "code": "BadRequest",
        "message": "Resource not found for the segment 'permissions'.",
        "innerError": {
            "request-id": "ab9f4cfe-f0e1-433b-9767-96d4b3e58c59",
            "date": "2019-03-18T18:52:21"
        }
    }
}

The same error was received upon the following query as well:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/permissions

A year ago very similar question was asked, and the answer was that it is not possible.

Is it possible now? If yes then what am I doing wrong?

2
microsoft-graph-apisharepoint-online

2 Answers

4
votes

Neither the List or ListItem resource documentation shows permissions as a valid property or relationship.

If the List is a Document Library, then you can use the associated DriveItem to view it's permission collection:

GET /v1.0/sites/root/lists/{list-id}/items/{item-id}/driveitem/permissions

For example, executing /v1.0/sites/root/lists/eacf1ff2-7f98-4f71-963a-44e0cf35f608/items/4/driveitem/permissions in Graph Explorer returns:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('root')/lists('eacf1ff2-7f98-4f71-963a-44e0cf35f608')/items('4')/driveItem/permissions",
  "value": [
    {
      "id": "VGVhbSBTaXRlIE93bmVycw",
      "roles": ["owner"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Owners"
        }
      },
      "inheritedFrom": {}
    },
    {
      "id": "VGVhbSBTaXRlIFZpc2l0b3Jz",
      "roles": ["read"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Visitors"
        }
      },
      "inheritedFrom": {}
    },
    {
      "id": "VGVhbSBTaXRlIE1lbWJlcnM",
      "roles": ["write"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Members"
        }
      },
      "inheritedFrom": {}
    },
    //...
0
votes

https://graph.microsoft.com/v1.0/sites/fa9c83ba-e4cb-43e7-b00d-cceb7a3a1ad4/lists/7b3815ab-5bd9-49f4-b99b-69bb8b7a62cf/items/1/driveitem/permissions

{
    "error": {
        "code": "invalidRequest",
        "message": "Cannot request driveItem for an item that is not in a document library",
        "innerError": {
            "date": "2021-03-02T07:46:28",
            "request-id": "ef9ca55a-74c0-4498-a040-2349ea03b2fe",
            "client-request-id": "29419c1b-b33e-ec2e-4ad4-b480779a86b2"
        }
    }
}