0
votes

I use delegated permissions to obtain an access token. The user is a global administrator.

The scopes are offline_access User.ReadWrite.All Files.ReadWrite.All

I call the API to get the drive files of a sub-user in the same tenant:

https://graph.microsoft.com/v1.0/users/xxx/drive/root/children

It returns access denied.

https://graph.microsoft.com/v1.0/me/drive/root/children returns normally.

Please help me.

1 Answer

0
votes

It is expected.

Please see the delegated permission Files.ReadWrite.All.

It allows the app to access all files the signed-in user CAN access. This means that unless that user shares the file with you, you will not have permission to access it.

Let's focus on the application permission Files.ReadWrite.All.


This permission allows the app to access all files.

This difference is what is confusing you.

So with delegated permission (user token), in addition to Files.ReadWrite.All, you still need to let others share the file with you before you can access it.
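The following is an added example, not part of the original answer: a small diagnostic that decodes an access token's payload and reports whether `Files.ReadWrite.All` is present as a delegated scope (the `scp` claim) or as an application permission (the `roles` claim). The function names are hypothetical, and the sample tokens are constructed and unsigned, built only so the script runs offline.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """base64url-encode without padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def explain_file_access(token: str, permission: str = "Files.ReadWrite.All") -> str:
    """Report how the token carries the permission and what that implies."""
    claims = decode_claims(token)
    delegated = claims.get("scp", "").split()  # delegated scopes: space-separated string
    app_roles = claims.get("roles", [])        # application permissions: list of strings
    if permission in delegated:
        return ("delegated: limited to files the signed-in user "
                f"({claims.get('oid', 'unknown')}) can access")
    if permission in app_roles:
        return "application: all files, no signed-in user in the token"
    return f"missing: token does not carry {permission}"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real Graph token)."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}."


if __name__ == "__main__":
    # Constructed sample: token obtained on behalf of a user (delegated).
    user_token = make_sample_token({
        "oid": "00000000-0000-0000-0000-000000000001",
        "scp": "User.ReadWrite.All Files.ReadWrite.All",
    })
    # Constructed sample: app-only token (client credentials).
    app_token = make_sample_token({"roles": ["Files.ReadWrite.All"]})
    for tok in (user_token, app_token):
        print(explain_file_access(tok))
```

The application form of this permission is tenant-wide, so check which form a token carries before granting or consenting to it.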