author | description | ms.date | title | ms.localizationpriority | ms.subservice | doc_type |
---|---|---|---|---|---|---|
spgraph-docs-team |
List the effective sharing permissions of on a driveItem. |
09/10/2017 |
List sharing permissions on a driveItem |
medium |
sharepoint |
apiPageType |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
List the effective sharing permissions on a driveItem.
[!INCLUDE national-cloud-support]
The permissions collection includes potentially sensitive information and may not be available for every caller.
- For the owner of the item, all sharing permissions are returned. It includes co-owners.
- For a non-owner caller, only the sharing permissions that apply to the caller are returned.
- Sharing permission properties that contain secrets (for example,
shareId
andwebUrl
) are only returned for callers that are able to create the sharing permission.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
GET /drives/{drive-id}/items/{item-id}/permissions
GET /groups/{group-id}/drive/items/{item-id}/permissions
GET /me/drive/items/{item-id}/permissions
GET /me/drive/root:/{path}:/permissions
GET /sites/{siteId}/drive/items/{itemId}/permissions
GET /users/{userId}/drive/items/{itemId}/permissions
This method supports the $select
OData Query Parameters to customize the response.
Name | Type | Description |
---|---|---|
if-none-match | string | If this request header is included and the etag provided matches the current etag on the item, an HTTP 304 Not Modified response is returned. |
If successful, this method returns a 200 OK
response code and collection of Permission resources in the response body.
Effective sharing permissions of a driveItem can come from two sources:
- Sharing permissions applied directly on the driveItem itself
- Sharing permissions inherited from the driveItem's ancestors
Callers can differentiate if the permission is inherited or not by checking the inheritedFrom property. This property is an itemReference resource referencing the ancestor that the permission is inherited from.
This example retrieves the collection of permissions on an item in the signed in user's drive.
GET /me/drive/items/{item-id}/permissions
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
This example response includes three permissions, the first is a sharing link with edit permissions, the second is an explicit permission for a user named John, which was inherited from a parent folder, and the third is a read-write sharing link created by an application.
HTTP/1.1 200 OK
Content-Type: application/json
{
"value": [
{
"id": "1",
"roles": ["write"],
"link": {
"webUrl": "https://onedrive.live.com/redir?resid=5D33DD65C6932946!70859&authkey=!AL7N1QAfSWcjNU8&ithint=folder%2cgif",
"type": "edit"
}
},
{
"id": "2",
"@deprecated.GrantedTo": "GrantedTo has been deprecated. Refer to GrantedToV2",
"roles": ["write"],
"grantedTo": {
"user": {
"id": "5D33DD65C6932946",
"displayName": "Robin Danielsen"
}
},
"grantedToV2": {
"user": {
"id": "5D33DD65C6932946",
"displayName": "Robin Danielsen"
},
"siteUser": {
"id": "1",
"displayName": "Robin Danielsen",
"loginName": "Robin Danielsen"
}
},
"inheritedFrom": {
"driveId": "1234567890ABD",
"id": "1234567890ABC!123",
"path": "/drive/root:/Documents" }
},
{
"id": "3",
"roles": ["write"],
"link": {
"webUrl": "https://onedrive.live.com/redir?resid=5D33DD65C6932946!70859&authkey=!AL7N1QAfSWcjNU8&ithint=folder%2cgif",
"type": "edit",
"application": {
"id": "12345",
"displayName": "Contoso Time Manager"
}
}
}
]
}
The permissions relationship of driveItem can't be expanded as part of a call to get driveItem or a collection of driveItems. You must access the permissions property directly.
Read the Error responses topic for more information about how errors are returned.