Forum Discussion
IvanMaria
Apr 08, 2021Copper Contributor
Fetching Real-time Permissions in SharePoint Online via REST API using App Token
We are trying to fetch real-time user effective permissions of a user on a file. We cannot use the following API as it does not update the user effective permissions in real-time when the user is either added or removed from the O365 group (Until the user login into the site):
/getusereffectivepermissions(userName=@user)?@user='<url_encoded_login_name>'
Note that we are using SharePoint Application Access Token.
Therefore, we are using the following APIs to get the real time results:
/RoleAssignments?$expand=Member/Users,RoleDefinitionBindings
We read the responses having 'principal type = 4' such as
"LoginName": "c:0o.c|federateddirectoryclaimprovider|d20ae4c3-3429-4f75-8895-793407836d5e_o",
"LoginName": "c:0o.c|federateddirectoryclaimprovider|<group_uid>",
"LoginName": "c:0(.s|true",
"LoginName": "c:0-.f|rolemanager|spo-grid-all-users/<tenant_id>", etc.
and then we fetch the owners of the group by taking'<owner_group_guid>_o' and also fetch the transitive members of the group by taking <group_uid> using Graph API.
How do we check if a user is a member of the following SharePoint groups?:
Everyone: c:0(.s|true
Everyone except external users: c:0-.f|rolemanager|spo-grid-all-users/<tenant_id>
Also, is there any other similar SharePoint internal groups that should be taken into consideration while fetching the real-time user effective permissions?
No RepliesBe the first to reply