Microsoft graph api /drives/{drive-id}/items/{item-id}/invite does not grant permissions to the given item for the invited user

Question

Microsoft graph api /drives/{drive-id}/items/{item-id}/invite does not grant permissions to the given item for the invited user

David Pöschl 0

The drive is a normal folder created on a sharepoint site(not a private OneDrive) with documents in the given drive-id. I can grant the given user permissions through the SharePoint UI.
When calling POST to /drives/{drive-id}/items/{item-id}/invite endpoint using Graph API explorer with this body:

{
    "recipients": [
        {
            "email": "{user-email}"
        }
    ],
    "message": "",
    "requireSignIn": true,
    "sendInvitation": false,
    "roles": [
        "write"
    ]
}

I get a response OK - 200 - 566ms with response body being:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(permission)",
    "value": [
        {
            "@odata.type": "#microsoft.graph.permission",
            "id": "{id}",
            "roles": [
                "write"
            ],
            "grantedTo": {
                "user": {
                    "email": "{correct-user-email}",
                    "id": "{correct-user-id}",
                    "displayName": "{correct-user-displayName}"
                }
            }
        }
    ]
}

This response contains only deprecated grantedTo without grantedToV2, and the user does not have the proper permissions for the given driveItem when I check it on SharePoint.

1 answer

Your answer

Answer 1

ChengFeng - MSFT 5,045 Microsoft External Staff

Hi @David Pöschl

Personal OneDrive will not return the grantedToV2 parameter

Here is a link for your reference:

https://learn.microsoft.com/en-us/answers/questions/1079737/inconsistency-between-grantedtov2-and-grantedto-re

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best Regards

Cheng Feng

David Pöschl 0 Reputation points

2023-07-19T08:22:59.32+00:00

Hi @Anonymous , thank you for reaching out, but as I said it is not a private oneDrive, I know these do not work the same, it is on a standard sharepoint site.
David Pöschl 0 Reputation points

2023-07-19T08:25:44.2+00:00

The main problem is not even that It doesn't return the correct GrantedToV2, but that the user does not get permissions to the given item even though the server returns 200 OK.
ChengFeng - MSFT 5,045 Reputation points Microsoft External Staff

2023-08-08T02:04:22.6666667+00:00

Hi,

If it returns 200, it looks like permission should be granted. Sorry, I can't reproduce your problem in my scenario.
Ed Freeman 6 Reputation points

2025-03-12T12:11:00.9466667+00:00

Cross-posting from Permissions Not Visible in SharePoint Document Library Files Despite Being Set via Microsoft Graph API which is a similar thread.

I observed similar behaviour. The /invite endpoint returned a successful (200) response and provided a permissionId and seemingly valid details of the user/group.

However, the new permission wasn't visible in the UI, and the permissionId from the previous step returned a 404 when querying GET /sites/{siteId}/drives/{driveId}/items/{itemId}/permissions/{permissionId}.

In my case, I deduced that it was because the user/group I was trying to assign permissions already had permissions on the item through some other means.

For example, one "group" to which I was attempting to assign permissions on an item already had a site-level role (Site Member, I think). Another example was that a "user" was already part of a group that already had direct permissions on that item.

So I think if the principal to which you are trying to assign access already has access to the corresponding item inherited via other means, then the "new" permission you add won't be visible in the UI. That's at least what I have observed.

When adding permissions using the same code to a user/group that didn't already have permissions, everything worked fine.

Hope this helps!

Share via

Microsoft graph api /drives/{drive-id}/items/{item-id}/invite does not grant permissions to the given item for the invited user

1 answer

Your answer