Retrieving SharePoint Online object permissions via Microsoft Graph API

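I need to map the permissions of all SharePoint Online objects (sites, lists, list items, attachments, files, folders). It appears to be possible via the CSOM API, but I have not yet found anything similar in Microsoft Graph.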

The following query successfully retrieves a requested item:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/items/{item ID}/

But the following query does not return the permissions I expected:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/items/{item ID}/permissions

I receive the following error:

{
    "error": {
        "code": "BadRequest",
        "message": "Resource not found for the segment 'permissions'.",
        "innerError": {
            "request-id": "ab9f4cfe-f0e1-433b-9767-96d4b3e58c59",
            "date": "2019-03-18T18:52:21"
        }
    }
}  

The following query receives the same error:

https://graph.microsoft.com/beta/sites/root/Lists/{List ID}/permissions

A year ago someone asked a very similar question, and the answer was that it was not possible.

Is it possible now? If so, what am I doing wrong?

Neither the List nor the ListItem resource documentation shows permissions as a valid property or relationship.

If the List is a document library, then you can use the associated DriveItem to view its permission collection:

GET /v1.0/sites/root/lists/{list-id}/items/{item-id}/driveitem/permissions

For example, executing /v1.0/sites/root/lists/eacf1ff2-7f98-4f71-963a-44e0cf35f608/items/4/driveitem/permissions in Graph Explorer returns:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('root')/lists('eacf1ff2-7f98-4f71-963a-44e0cf35f608')/items('4')/driveItem/permissions",
  "value": [
    {
      "id": "VGVhbSBTaXRlIE93bmVycw",
      "roles": ["owner"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Owners"
        }
      },
      "inheritedFrom": {}
    },
    {
      "id": "VGVhbSBTaXRlIFZpc2l0b3Jz",
      "roles": ["read"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Visitors"
        }
      },
      "inheritedFrom": {}
    },
    {
      "id": "VGVhbSBTaXRlIE1lbWJlcnM",
      "roles": ["write"],
      "grantedTo": {
        "user": {
          "displayName": "Team Site Members"
        }
      },
      "inheritedFrom": {}
    },
    //...

https://graph.microsoft.com/v1.0/sites/fa9c83ba-e4cb-43e7-b00d-cceb7a3a1ad4/lists/7b3815ab-5bd9-49f4-b99b-69bb8b7a62cf/items/1/driveitem/permissions

{
    "error": {
        "code": "invalidRequest",
        "message": "Cannot request driveItem for an item that is not in a document library",
        "innerError": {
            "date": "2021-03-02T07:46:28",
            "request-id": "ef9ca55a-74c0-4498-a040-2349ea03b2fe",
            "client-request-id": "29419c1b-b33e-ec2e-4ad4-b480779a86b2"
        }
    }
}
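
For anyone building a permission map on the driveitem/permissions route, the sketch below is an added example (not code from any poster on this page) that records list items the route cannot cover instead of silently dropping them. The function names, the `fetch` callable, the HTTP status codes and the sample bodies are assumptions constructed from the two responses shown above.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def permissions_url(site_id, list_id, item_id):
    """Build the driveItem permissions URL used in the answer above."""
    return (f"{GRAPH}/sites/{quote(str(site_id))}/lists/{quote(str(list_id))}"
            f"/items/{quote(str(item_id))}/driveitem/permissions")

def parse_permissions(status, body):
    """Classify a response: ('ok', rows), ('not_document_library', []) or ('error', [code])."""
    doc = json.loads(body)
    if status >= 400 or "error" in doc:
        err = doc.get("error", {})
        if "not in a document library" in err.get("message", ""):
            return "not_document_library", []
        return "error", [err.get("code", "unknown")]
    rows = []
    for perm in doc.get("value", []):
        identities = (perm.get("grantedTo") or {}).values()
        names = sorted(i.get("displayName", "?") for i in identities if isinstance(i, dict))
        rows.append({"id": perm.get("id"), "principals": names, "roles": perm.get("roles", [])})
    return "ok", rows

def audit(items, fetch):
    """Map (site, list, item) -> permissions; keep uncovered items visible in the report."""
    report = {"permissions": {}, "uncovered": [], "failed": {}}
    for key in items:
        state, data = parse_permissions(*fetch(permissions_url(*key)))
        if state == "ok":
            report["permissions"][key] = data
        elif state == "not_document_library":
            report["uncovered"].append(key)  # generic list: audit by other means
        else:
            report["failed"][key] = data[0]
    return report

# Constructed sample bodies, abridged from the two responses shown on this page.
SAMPLE_OK = json.dumps({"value": [
    {"id": "VGVhbSBTaXRlIE93bmVycw", "roles": ["owner"],
     "grantedTo": {"user": {"displayName": "Team Site Owners"}}, "inheritedFrom": {}},
    {"id": "VGVhbSBTaXRlIFZpc2l0b3Jz", "roles": ["read"],
     "grantedTo": {"user": {"displayName": "Team Site Visitors"}}, "inheritedFrom": {}}]})
SAMPLE_ERR = json.dumps({"error": {"code": "invalidRequest",
    "message": "Cannot request driveItem for an item that is not in a document library"}})

def fake_fetch(url):
    """Offline stand-in for an authenticated GET; returns (status, body)."""
    return (200, SAMPLE_OK) if "/items/4/" in url else (400, SAMPLE_ERR)
```

In real use, replace `fake_fetch` with a function that performs the authenticated GET and returns the status code and response body.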