命名空间:microsoft.graph
重要
Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
在 driveItem 上创建新的权限对象。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
✅ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
Files.ReadWrite |
Files.ReadWrite.All、Files.SelectedOperations.Selected、Sites.ReadWrite.All、Sites.FullControl.All、Sites.Manage.All、Sites.Selected、Lists.SelectedOperations.Selected、ListItems.SelectedOperations.Selected |
| 委派(个人 Microsoft 帐户) |
Files.ReadWrite |
Files.ReadWrite.All |
| 应用程序 |
Files.ReadWrite.All |
Sites.FullControl.All、Sites.Manage.All、Sites.ReadWrite.All、Sites.Selected、Files.SelectedOperations.Selected、Lists.SelectedOperations.Selected、ListItems.SelectedOperations.Selected |
注意
SharePoint Embedded 需要 FileStorageContainer.Selected 权限才能访问容器的内容。 此权限不同于前面提到的权限。 除了Microsoft Graph 权限外,应用还必须具有调用此 API 所需的 容器类型权限 。 有关详细信息,请参阅 SharePoint Embedded 身份验证和授权。
HTTP 请求
POST /drives/{drive-id}/items/{item-id}/permissions
POST /groups/{group-id}/drive/items/{item-id}/permissions
POST /me/drive/items/{item-id}/permissions
POST /sites/{siteId}/drive/items/{itemId}/permissions
POST /users/{userId}/drive/items/{itemId}/permissions
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-Type |
application/json. 必需。 |
请求正文
在请求正文中,提供 权限 对象的 JSON 表示形式。
重要
- 此 API 仅接受
grantedToV2 作为 权限 对象的输入。 不接受其他属性,例如 grantedToIdentitiesV2 或 已 grantedTo 弃用和 grantedToIdentities 。
- 对于 SharePoint Embedded,在创建新的 sharePointGroup 权限时,请求正文必须同时包括
id 属性中grantedToV2.siteGroup引用的 sharePointGroup 的 和 displayName 。 请参阅 示例 2。
响应
如果成功,此方法在 201 Created 响应正文中返回响应代码和 权限 对象。
示例
示例 1:在 OneDrive 或 SharePoint Online 中向 driveItem 添加应用程序权限
以下示例演示如何在 由 89ea5c94-7736-4e25-95ad-3fa95f62b66e标识的Contoso Time Manager App驱动器中由 标识01V4EPHZNV2OJQJNBPWNCKDTXCQ5TSVBJU的 driveItem 上为 标识b!s8RqPCGh0ESQS2EYnKM0IKS3lM7GxjdAviiob7oc5pXv_0LiL-62Qq3IXyrXnEop的应用程序添加write权限。
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/drives/b!s8RqPCGh0ESQS2EYnKM0IKS3lM7GxjdAviiob7oc5pXv_0LiL-62Qq3IXyrXnEop/items/01V4EPHZNV2OJQJNBPWNCKDTXCQ5TSVBJU/permissions
Content-Type: application/json
{
"grantedToV2": {
"application": {
"id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e"
}
},
"roles": ["write"]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new Permission
{
GrantedToIdentitiesV2 = new SharePointIdentitySet
{
Application = new Identity
{
Id = "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
DisplayName = "Contoso Time Manager App",
},
},
Roles = new List<string>
{
"write",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Drives["{drive-id}"].Items["{driveItem-id}"].Permissions.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewPermission()
grantedToIdentitiesV2 := graph.NewSharePointIdentitySet()
application := graphmodels.NewIdentity()
id := "89ea5c94-7736-4e25-95ad-3fa95f62b66e"
application.SetId(&id)
displayName := "Contoso Time Manager App"
application.SetDisplayName(&displayName)
grantedToIdentitiesV2.SetApplication(application)
requestBody.SetGrantedToIdentitiesV2(grantedToIdentitiesV2)
roles := []string {
"write",
}
requestBody.SetRoles(roles)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
permissions, err := graphClient.Drives().ByDriveId("drive-id").Items().ByDriveItemId("driveItem-id").Permissions().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Permission permission = new Permission();
SharePointIdentitySet grantedToIdentitiesV2 = new SharePointIdentitySet();
Identity application = new Identity();
application.setId("89ea5c94-7736-4e25-95ad-3fa95f62b66e");
application.setDisplayName("Contoso Time Manager App");
grantedToIdentitiesV2.setApplication(application);
permission.setGrantedToIdentitiesV2(grantedToIdentitiesV2);
LinkedList<String> roles = new LinkedList<String>();
roles.add("write");
permission.setRoles(roles);
Permission result = graphClient.drives().byDriveId("{drive-id}").items().byDriveItemId("{driveItem-id}").permissions().post(permission);
const options = {
authProvider,
};
const client = Client.init(options);
const permission = {
grantedToIdentitiesV2: {
application: {
id: '89ea5c94-7736-4e25-95ad-3fa95f62b66e',
displayName: 'Contoso Time Manager App'
}
},
roles: ['write']
};
await client.api('/drives/b!s8RqPCGh0ESQS2EYnKM0IKS3lM7GxjdAviiob7oc5pXv_0LiL-62Qq3IXyrXnEop/items/1/permissions')
.version('beta')
.post(permission);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Permission;
use Microsoft\Graph\Beta\Generated\Models\Identity;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Permission();
$grantedToIdentitiesV2 = new SharePointIdentitySet();
$grantedToIdentitiesV2Application = new Identity();
$grantedToIdentitiesV2Application->setId('89ea5c94-7736-4e25-95ad-3fa95f62b66e');
$grantedToIdentitiesV2Application->setDisplayName('Contoso Time Manager App');
$grantedToIdentitiesV2->setApplication($grantedToIdentitiesV2Application);
$requestBody->setGrantedToIdentitiesV2($grantedToIdentitiesV2);
$requestBody->setRoles(['write', ]);
$result = $graphServiceClient->drives()->byDriveId('drive-id')->items()->byDriveItemId('driveItem-id')->permissions()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Files
$params = @{
grantedToIdentitiesV2 = @{
application = @{
id = "89ea5c94-7736-4e25-95ad-3fa95f62b66e"
displayName = "Contoso Time Manager App"
}
}
roles = @(
"write"
)
}
New-MgBetaDriveItemPermission -DriveId $driveId -DriveItemId $driveItemId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.permission import Permission
from msgraph_beta.generated.models.identity import Identity
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Permission(
granted_to_identities_v2 = SharePointIdentitySet(
application = Identity(
id = "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
display_name = "Contoso Time Manager App",
),
),
roles = [
"write",
],
)
result = await graph_client.drives.by_drive_id('drive-id').items.by_drive_item_id('driveItem-id').permissions.post(request_body)
响应
以下示例显示了相应的响应。
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "aTowaS50fG1zLnNwLmV4dHw4OWVhNWM5NC03NzM2LTRlMjUtOTVhZC0zZmE5NWY2MmI2NmVAZDljZTBmYzEtNjFkOC00YTJlLWI1ZDMtMTg3NzBkZjA2NzJj",
"roles": [
"write"
],
"grantedTo": {
"application": {
"id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
"displayName": "Contoso Time Manager App"
}
},
"grantedToV2": {
"application": {
"id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
"displayName": "Contoso Time Manager App"
}
}
}
示例 2:向 SharePoint Embedded 容器中的 driveItem 添加 SharePoint 组权限
以下示例演示如何在由 标识的 Internal CollaboratorsSharePoint Embedded 文件中的01V4EPHZNV2OJQJNBPWNCKDTXCQ5TSVBJU由b!s8RqPCGh0ESQS2EYnKM0IKS3lM7GxjdAviiob7oc5pXv_0LiL-62Qq3IXyrXnEop标识的 driveItem 上添加 write sharePointGroup 的权限。
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/drives/b!s8RqPCGh0ESQS2EYnKM0IKS3lM7GxjdAviiob7oc5pXv_0LiL-62Qq3IXyrXnEop/items/01V4EPHZNV2OJQJNBPWNCKDTXCQ5TSVBJU/permissions
Content-Type: application/json
{
"grantedToV2": {
"siteGroup": {
"id": "10",
"displayName": "Internal Collaborators"
}
},
"roles": ["write"]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new Permission
{
GrantedToIdentitiesV2 = new SharePointIdentitySet
{
SiteGroup = new SharePointIdentity
{
Id = "10",
DisplayName = "Internal Collaborators",
},
},
Roles = new List<string>
{
"write",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Drives["{drive-id}"].Items["{driveItem-id}"].Permissions.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewPermission()
grantedToIdentitiesV2 := graph.NewSharePointIdentitySet()
siteGroup := graphmodels.NewSharePointIdentity()
id := "10"
siteGroup.SetId(&id)
displayName := "Internal Collaborators"
siteGroup.SetDisplayName(&displayName)
grantedToIdentitiesV2.SetSiteGroup(siteGroup)
requestBody.SetGrantedToIdentitiesV2(grantedToIdentitiesV2)
roles := []string {
"write",
}
requestBody.SetRoles(roles)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
permissions, err := graphClient.Drives().ByDriveId("drive-id").Items().ByDriveItemId("driveItem-id").Permissions().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Permission permission = new Permission();
SharePointIdentitySet grantedToIdentitiesV2 = new SharePointIdentitySet();
SharePointIdentity siteGroup = new SharePointIdentity();
siteGroup.setId("10");
siteGroup.setDisplayName("Internal Collaborators");
grantedToIdentitiesV2.setSiteGroup(siteGroup);
permission.setGrantedToIdentitiesV2(grantedToIdentitiesV2);
LinkedList<String> roles = new LinkedList<String>();
roles.add("write");
permission.setRoles(roles);
Permission result = graphClient.drives().byDriveId("{drive-id}").items().byDriveItemId("{driveItem-id}").permissions().post(permission);
const options = {
authProvider,
};
const client = Client.init(options);
const permission = {
grantedToIdentitiesV2: {
siteGroup: {
id: '10',
displayName: 'Internal Collaborators'
}
},
roles: ['write']
};
await client.api('/drives/b!s8RqPCGh0ESQS2EYnKM0IKS3lM7GxjdAviiob7oc5pXv_0LiL-62Qq3IXyrXnEop/items/1/permissions')
.version('beta')
.post(permission);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Permission;
use Microsoft\Graph\Beta\Generated\Models\SharePointIdentity;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Permission();
$grantedToIdentitiesV2 = new SharePointIdentitySet();
$grantedToIdentitiesV2SiteGroup = new SharePointIdentity();
$grantedToIdentitiesV2SiteGroup->setId('10');
$grantedToIdentitiesV2SiteGroup->setDisplayName('Internal Collaborators');
$grantedToIdentitiesV2->setSiteGroup($grantedToIdentitiesV2SiteGroup);
$requestBody->setGrantedToIdentitiesV2($grantedToIdentitiesV2);
$requestBody->setRoles(['write', ]);
$result = $graphServiceClient->drives()->byDriveId('drive-id')->items()->byDriveItemId('driveItem-id')->permissions()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Files
$params = @{
grantedToIdentitiesV2 = @{
siteGroup = @{
id = "10"
displayName = "Internal Collaborators"
}
}
roles = @(
"write"
)
}
New-MgBetaDriveItemPermission -DriveId $driveId -DriveItemId $driveItemId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.permission import Permission
from msgraph_beta.generated.models.share_point_identity import SharePointIdentity
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Permission(
granted_to_identities_v2 = SharePointIdentitySet(
site_group = SharePointIdentity(
id = "10",
display_name = "Internal Collaborators",
),
),
roles = [
"write",
],
)
result = await graph_client.drives.by_drive_id('drive-id').items.by_drive_item_id('driveItem-id').permissions.post(request_body)
响应
以下示例显示了相应的响应。
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "aTowaS50fG1zLnNwLmV4dHwxMEBkOWNlMGZjMS02MWQ4LTRhMmUtYjVkMy0xODc3MGRmMDY3MmM=",
"roles": [
"write"
],
"grantedToV2": {
"siteGroup": {
"id": "10",
"displayName": "Internal Collaborators"
}
},
"grantedTo": {
"siteGroup": {
"id": "10",
"displayName": "Internal Collaborators"
}
}
}