IvanMaria
Copper Contributor
Apr 08, 2021

Fetching Real-time Permissions in SharePoint Online via REST API using App Token

We are trying to fetch real-time user effective permissions of a user on a file. We cannot use the following API as it does not update the user effective permissions in real time when the user is either added to or removed from the O365 group (until the user logs in to the site):

/getusereffectivepermissions(userName=@user)?@user='<url_encoded_login_name>'

Note that we are using SharePoint Application Access Token.

 

Therefore, we are using the following APIs to get the real time results:

/RoleAssignments?$expand=Member/Users,RoleDefinitionBindings

 

We read the responses having 'principal type = 4' such as 

"LoginName": "c:0o.c|federateddirectoryclaimprovider|d20ae4c3-3429-4f75-8895-793407836d5e_o",
"LoginName": "c:0o.c|federateddirectoryclaimprovider|<group_uid>",
"LoginName": "c:0(.s|true",
"LoginName": "c:0-.f|rolemanager|spo-grid-all-users/<tenant_id>", etc.
 
and then we fetch the owners of the group by taking '<owner_group_guid>_o' and also fetch the transitive members of the group by taking <group_uid> using Graph API.
 
How do we check if a user is a member of the following SharePoint groups?
Everyone:  c:0(.s|true
Everyone except external users: c:0-.f|rolemanager|spo-grid-all-users/<tenant_id>
 
Also, are there any other similar SharePoint internal groups that should be taken into consideration while fetching the real-time user effective permissions?
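
Added example, not part of the original post: a sketch of the triage step the post describes, sorting each 'principal type = 4' LoginName from an expanded RoleAssignments response into the follow-up check it needs (Graph owners lookup, Graph transitive members lookup, or one of the two tenant-wide claims, whose membership test the post leaves open). The function names, the placeholder ids and the sample response (shaped as a parsed JSON list of role assignments) are assumptions constructed for illustration.

```python
import re

# Claim prefixes exactly as quoted in the post above.
M365_GROUP = "c:0o.c|federateddirectoryclaimprovider|"
EVERYONE = "c:0(.s|true"
ALL_USERS = "c:0-.f|rolemanager|spo-grid-all-users/"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def classify_login(login_name):
    """Return (kind, identifier) for a principal-type-4 LoginName."""
    if login_name == EVERYONE:
        return ("everyone", None)
    if login_name.startswith(ALL_USERS):
        return ("everyone_except_external", login_name[len(ALL_USERS):])
    if login_name.startswith(M365_GROUP):
        value = login_name[len(M365_GROUP):]
        owners = value.endswith("_o")
        group_id = value[:-2] if owners else value
        if GUID.match(group_id):
            return ("group_owners" if owners else "group_members", group_id)
    return ("unknown", login_name)  # surface it, never silently drop a grant


def plan_lookups(role_assignments):
    """Map each type-4 grant, direct or nested under Member/Users, to a check."""
    plan = []
    for ra in role_assignments:
        member = ra["Member"]
        roles = [r["Name"] for r in ra["RoleDefinitionBindings"]]
        for p in [member] + member.get("Users", []):
            if p.get("PrincipalType") == 4:
                plan.append(classify_login(p["LoginName"]) + (roles,))
    return plan


# Constructed sample shaped like the expanded RoleAssignments response.
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id
GROUP = "11111111-2222-3333-4444-555555555555"   # placeholder group id
SAMPLE = [
    {"Member": {"PrincipalType": 4, "LoginName": M365_GROUP + GROUP + "_o"},
     "RoleDefinitionBindings": [{"Name": "Full Control"}]},
    {"Member": {"PrincipalType": 8, "LoginName": "Site Visitors", "Users": [
        {"PrincipalType": 4, "LoginName": ALL_USERS + TENANT},
        {"PrincipalType": 1, "LoginName": "i:0#.f|membership|a@example.com"}]},
     "RoleDefinitionBindings": [{"Name": "Read"}]},
    {"Member": {"PrincipalType": 4, "LoginName": EVERYONE},
     "RoleDefinitionBindings": [{"Name": "Read"}]},
]
```

Calling plan_lookups(SAMPLE) returns one (kind, identifier, roles) tuple per type-4 grant; any "unknown" entry is a claim format not listed in the post and should be reviewed rather than ignored.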
 
 
 
 

 

 
