Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Return the effective sharing permission for a particular permission resource.
Effective permissions of an item can come from two sources: permissions set directly on the item itself or permissions that are inherited from the item's ancestors.
Callers can differentiate if the permission is inherited or not by checking the inheritedFrom property.
This property is an ItemReference resource referencing the ancestor that the permission is inherited from.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet | 
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ | 
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type | Least privileged permissions | Higher privileged permissions | 
|---|---|---|
| Delegated (work or school account) | Files.Read | Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All | 
| Delegated (personal Microsoft account) | Files.Read | Files.ReadWrite, Files.Read.All, Files.ReadWrite.All | 
| Application | Files.Read.All | Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All | 
HTTP request
GET /drives/{drive-id}/items/{item-id}/permissions/{perm-id}
GET /groups/{group-id}/drive/items/{item-id}/permissions/{perm-id}
GET /me/drive/items/{item-id}/permissions/{perm-id}
GET /sites/{site-id}/drive/items/{item-id}/permissions/{perm-id}
GET /users/{user-id}/drive/items/{item-id}/permissions/{perm-id}
Request headers
| Name | Description | 
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. | 
Optional query parameters
This method support the $select query parameter to shape the response.
Response
If successful, this method returns a 200 OK response code and Permission resource in the response body.
Example
Request
The following example shows a request to access a permission on a folder.
GET /me/drive/items/{item-id}/permissions/{perm-id}
Response
If successful, this method returns a Permission resource for the specified ID.
HTTP/1.1 200 OK
Content-type: application/json
{
  "@deprecated.GrantedTo": "GrantedTo has been deprecated. Refer to GrantedToV2",
  "grantedTo": {
    "user": {
      "displayName": "Robin Danielsen",
      "id": "efee1b77-fb3b-4f65-99d6-274c11914d12"
    }
  },
  "grantedToV2": {
    "user": {
      "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
      "displayName": "Robin Danielsen"
    },
    "siteUser": {
      "id": "1",
      "displayName": "Robin Danielsen",
      "loginName": "Robin Danielsen"
    }
  },
  "id": "1",
  "roles": [ "write" ]
}
Remarks
The Permission resource uses facets to provide information about the kind of permission represented by the resource.
Permissions with a link facet represent sharing links created on the item. Sharing links contain a unique token that provides access to the item for anyone with the link.
Permissions with a invitation facet represent permissions added by inviting specific users or groups to have access to the file.
Error responses
Read the Error Responses topic for more information about how errors are returned.