OneDrive Graph API: Get User ID associated with drive ID - microsoft-graph-api

I have an ID of a OneDrive drive. Is there any way I can figure out the user ID to whom the OneDrive drive belongs?

When you call
GET /drives/{drive-id}
it returns the Drive resource type with the owner property. It's the user account that owns the drive, and it includes the user id.
{
"id": "b!t18F8ybsHUq1z3LTz8xvZqP8zaSWjkFNhsME-Fepo75dTf9vQKfeRblBZjoSQrd7",
"driveType": "business",
"owner": {
"user": {
"id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
"displayName": "John Doe"
}
},
...
}

Related

How can I parse email addresses from SharePoint DriveItem permissions?

So I've been trying to get email addresses of people that have access to certain files in a SharePoint document library of a site through the use of the Microsoft Graph API. Below is an example of what my permission object looks like, which is retrieved from https://graph.microsoft.com/v1.0/sites/<site id>/drives/<drive id>/items/<item id>/permissions.
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('...')/drives('...')/items('...')/permissions",
"value": [
{
"id": "...",
"roles": ["owner"],
"grantedTo": { "user": { "displayName": "testsite - Eigenaars" } },
"inheritedFrom": {}
},
{
"id": "...",
"roles": ["read"],
"grantedTo": { "user": {"displayName": "testsite - Bezoekers"} },
"inheritedFrom": {}
},
{
"id": "...",
"roles": ["write"],
"grantedTo": { "user": { "displayName": "testsite - Leden" } },
"inheritedFrom": {}
},
{
"id": "...",
"roles": [
"write"
],
"grantedToV2": {
"siteGroup": {
"displayName": "Developers",
"id": "120",
"loginName": "Developers"
}
},
"grantedTo": {
"user": {
"displayName": "Developers"
}
},
"inheritedFrom": {}
},
{
"id": "...",
"roles": ["owner"],
"grantedTo": {
"user": {
"email": "testsite@mysharepoint",
"id": "uuid",
"displayName": "testsite - Eigenaars"
}
},
"inheritedFrom": {}
}
]
}
I assume the testsite in the displayName property is a group name (probably the group that belongs to the site the file resides in), but I have seen cases where I can't find this group name in the groups retrieved from the /groups endpoint in the Graph API.
You can also see the group Developers, which I haven't managed to find in the full group list retrieved from /groups.
The documentation around this is quite vague and unclear to me. Somewhere I read that this lack of data could be due to authentication scopes, but I have "god mode" administrator rights in this SharePoint environment, so that would seem strange to me.
My main goal is to be able to get all users that have access to a specific file.
Thanks in advance!
1. I assume the testsite in the displayName property is a group name, but I have seen cases where I can't find this group name in the groups retrieved from the /groups endpoint in the Graph API.
This is because, as per Drive Item Permission >> Identity Set >> Identity resource type, quoting:
The identity's display name. Note that this may not always be available or up to date. For example, if a user changes their display name, the API may show the new value in a future response, but the items associated with the user won't show up as having changed when using
This can explain why sometimes you don't see the group name in your groups.
I suggest you use the id.
2. My main goal is to be able to get all users that have access to a specific file.
Do you have any users that appear in the Has Access section of the drive item on SharePoint? For users, you should be able to get permissions and use the ids to Get directoryObject, using the id values from grantedToIdentitiesV2 or grantedToV2, which will return the odata type.
GET https://graph.microsoft.com/v1.0/directoryObjects/{id}?$select=id
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects(id)/$entity",
"@odata.type": "#microsoft.graph.group or user or application",
"id": "id"
}
For groups, the users would be the members of the group.
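One way to act on the advice above when reviewing who can reach a file, as an added example that is not part of the original answer: it sorts each grantee by the facet found in grantedToV2 or grantedToIdentitiesV2 and names the follow-up request. The sample response, its GUID-like ids and the function names are constructed for illustration; the comment that siteGroup and siteUser ids (such as "120" above) are local to the SharePoint site rather than directory object ids is added here, and is consistent with such groups not appearing under /groups.

```python
# Added example. SAMPLE is constructed; the GUID-like ids are placeholders.
FACETS = ("user", "group", "siteUser", "siteGroup", "application", "device")

SAMPLE = {"value": [
    {"id": "1", "roles": ["write"],
     "grantedToV2": {"siteGroup": {"displayName": "Developers", "id": "120"}},
     "grantedTo": {"user": {"displayName": "Developers"}}},
    {"id": "2", "roles": ["read"],
     "grantedToV2": {"group": {"displayName": "Finance",
                               "id": "00000000-0000-0000-0000-0000000000a1"}}},
    {"id": "3", "roles": ["owner"],
     "grantedTo": {"user": {"displayName": "testsite - Eigenaars",
                            "id": "00000000-0000-0000-0000-0000000000b2"}}},
    {"id": "4", "roles": ["read"],
     "grantedTo": {"user": {"displayName": "testsite - Bezoekers"}}},
]}

def identity_sets(perm):
    """Return (identity_set, is_v2) pairs, preferring the V2 fields when present."""
    v2 = ([perm["grantedToV2"]] if "grantedToV2" in perm else []) \
        + perm.get("grantedToIdentitiesV2", [])
    if v2:
        return [(s, True) for s in v2]
    legacy = ([perm["grantedTo"]] if "grantedTo" in perm else []) \
        + perm.get("grantedToIdentities", [])
    return [(s, False) for s in legacy]

def classify(perm):
    rows = []
    for ident_set, is_v2 in identity_sets(perm):
        for facet, ident in ident_set.items():
            if facet not in FACETS or not isinstance(ident, dict):
                continue
            oid, kind, nxt = ident.get("id"), facet, None
            if not is_v2:
                # Legacy grantedTo files everything under "user": type unknown
                # until /directoryObjects/{id} reports the OData type.
                kind = "unknown"
                nxt = f"/directoryObjects/{oid}?$select=id" if oid else None
            elif facet == "group":
                nxt = f"/groups/{oid}/members"  # the members are the users
            # siteGroup/siteUser: SharePoint-local id, no directory lookup.
            rows.append({"roles": perm.get("roles", []), "kind": kind, "id": oid,
                         "name": ident.get("displayName"), "next": nxt})
    return rows

def review(response):
    """Flatten a permissions response into one row per grantee."""
    return [row for perm in response.get("value", []) for row in classify(perm)]
```

Rows whose `next` is `None` and whose kind is `unknown` or `siteGroup` are the ones an access review cannot close from the directory alone.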

Microsoft Graph API: Access a drive that is not in the "root drive"

I have a SharePoint site where there is a drive that is not the default drive (Shared Documents). How do I access this drive?
Normally, to access a file that would be mysite.com/Shared Documents/folder, I would do the following to get the site id:
GET /v1.0/sites/{sharepoint.mycompany.com}:/sites/{mySite}:/
I could then retrieve the default drive using:
GET /v1.0/sites/{mySiteId}/drive
In this case, my file is not in the default drive. How do I access a different drive?
You need to address the /drives collection rather than the default /drive. You can retrieve the list of Drives that belong to a site by calling:
GET /v1.0/sites/{siteId}/drives?select=id,name
This will return a collection of drive resources:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives",
"value": [
{
"id": "id1",
"name": "Documents"
},
{
"id": "id2",
"name": "Other Documents"
}
]
}
You can then address the drive by id like this:
GET /v1.0/sites/{siteId}/drives/{driveId}

How to identify if a OneDrive DriveItem permission identity is a group or a user

We are getting the permissions of a driveItem using Microsoft Graph as documented here.
Each returned permission object usually contains a grantedTo field that has an IdentitySet as its value. But the issue with that is that each Identity is always a user:
"grantedTo": {
"user": {
"displayName": "data Owners",
"email": "data@example.onmicrosoft.com",
"id": "94c3e81b-f6fb-43c6-8df5-b98462ccf191"
}
}
"grantedTo": {
"user": {
"displayName": "Data Members"
}
}
This occurs even though those are Groups. So there's no way, using this data, to identify with certainty what is a Group and what is a User.
We want to avoid any additional request to do so as this can become quite inefficient.
Thus we are asking is there a way to identify if it is a group or user, without any additional API requests? For example some undocumented query parameters or relationships?
I'm afraid this isn't possible because the IdentitySet itself doesn't distinguish between Users and Groups:
{
"application": {"@odata.type": "microsoft.graph.identity"},
"device": {"@odata.type": "microsoft.graph.identity"},
"user": {"@odata.type": "microsoft.graph.identity"}
}

How to detect that two Office365 users work in the same organization via the API?

In my application, the user signs in using their Office365 credentials and then
I want to import the data of the users (id, mail, displayName) in the same
organization into my database.
When another person from the same organization logs in to my app, that other
person should see the same list of users as the first one.
I tried several queries in the Graph Explorer, but none
of them has a response that would allow me to determine that two people belong
to the same organization.
"My profile" (/v1.0/me/) response contains a lot
of data, but no tenant ID (or something similar):
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "16f5a7b6-5a15-4568-aa5a-31bb117e9967",
"businessPhones": [],
"displayName": "Anne Weiler",
"givenName": "Anne",
"jobTitle": "Manufacturing Lead",
"mail": "annew@CIE493742.onmicrosoft.com",
"mobilePhone": "+1 3528700812",
"officeLocation": null,
"preferredLanguage": "en-US",
"surname": "Weiler",
"userPrincipalName": "annew@CIE493742.onmicrosoft.com"
}
Same applies to the "all users in the organization" (/v1.0/users) response.
How can I extract the information from Microsoft Graph that would allow me to
detect that two different users work in the same organization?
You could use the id returned by the /organization endpoint:
https://graph.microsoft.com/v1.0/organization?$select=id,displayName
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#organization(id,displayName)",
"value": [
{
"id": "c07ab59f-ce09-49f8-b4c4-9c6dd4f0d8bb",
"displayName": "Microsoft API Sandbox"
}
]
}

Microsoft Planner API is not returning user Display Names

I'm trying to access Microsoft Planner data through the Graph API from SharePoint (Online), and I'm getting a success response message as well.
But the problem is that the "DisplayName" field is null for all user sections in the JSON data (such as createdBy, assignedBy, completedBy, etc.)
Example:
"assignments": {
"309249ab-fe3e-4ed7-8d64-3c6187527437": {
"@odata.type": "#microsoft.graph.plannerAssignment",
"assignedBy": {
"user": {
"displayName": null,
"id": "s33dfsdf-fe3e-4ed7-8d64-3c6187527437"
}
},
"createdBy": {
"user": {
"displayName": null,
"id": "fsdfsf-fe3e-4ed7-8d64-3c6187527437"
}
},
"completedBy": {
"user": {
"displayName": null,
"id": "fsdlhfdals-fe3e-4ed7-8d64-3c6187527437"
}
}
}
}
How to get the display names from Planner API?
Planner data does not include display names. Display names need to be obtained separately. Group membership information for the containing group (groups/<id>/members) will contain display name (and more) information for user ids returned in plan and task information, for all users who are still members of the group. The id of the group that contains the plan is specified by the owner field of the plan. Remaining users' information can be obtained by reading those users directly (users/<id>).
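The lookup order described in the answer, as an added example that is not part of the original post: display names are filled from the containing group's members response first, and whatever is left becomes a list of users/<id> reads. TASK and MEMBERS are constructed sample data with placeholder ids, and the function names are hypothetical.

```python
import copy

# Constructed sample data; the ids are placeholders, not real object ids.
TASK = {
    "assignments": {"id-anne": {
        "assignedBy": {"user": {"displayName": None, "id": "id-anne"}}}},
    "createdBy": {"user": {"displayName": None, "id": "id-left-group"}},
}
MEMBERS = {"value": [{"id": "id-anne", "displayName": "Anne Weiler"}]}

def _fill(node, names, missing):
    """Walk Planner JSON; fill identity display names, record unknown ids."""
    if isinstance(node, dict):
        user = node.get("user")
        if isinstance(user, dict) and user.get("id") and not user.get("displayName"):
            name = names.get(user["id"])
            if name:
                user["displayName"] = name
            else:
                # Not a current group member: needs a direct users/<id> read.
                missing.add(user["id"])
        for child in node.values():
            _fill(child, names, missing)
    elif isinstance(node, list):
        for child in node:
            _fill(child, names, missing)

def resolve_names(task, members_response):
    """Return (task copy with names filled in, follow-up request paths)."""
    names = {m["id"]: m.get("displayName")
             for m in members_response.get("value", [])}
    filled, missing = copy.deepcopy(task), set()
    _fill(filled, names, missing)
    return filled, sorted(f"/users/{uid}" for uid in missing)
```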
