Forum Discussion
Microsoft Graph PowerShell SDK Module OneDrive Folder Permissions Assignment
Hi ShaneGibson,
To assign permissions to a OneDrive folder using the Microsoft Graph PowerShell SDK Module, you can try use the following steps:
- Install the Microsoft Graph PowerShell SDK Module.
- Connect to Microsoft Graph using the Connect-MgGraph cmdlet.
- Get the ID of the OneDrive folder that you want to assign permissions to. You can do this using the Get-MgDriveItem cmdlet.
- Create a new permission object. You can do this using the New-MgDriveItemPermission cmdlet.
- Set the permission object's properties. The following properties are required:
- RoleId: The role that you want to assign to the user or group. For read/write permissions, you would use the Contributor role.
- PrincipalId: The ID of the user or group that you want to assign permissions to. You can get the ID of a user or group using the Get-MgUser cmdlet or the Get-MgGroup cmdlet, respectively.
- Add the permission object to the OneDrive folder. You can do this using the Add-MgDriveItemPermission cmdlet.
- Disconnect from Microsoft Graph using the Disconnect-MgGraph cmdlet.
Here is a PowerShell script that you can use to assign read/write permissions to a OneDrive folder for a Microsoft Azure Security group:
# Import the Microsoft Graph PowerShell SDK Module
Import-Module Microsoft.Graph.PowerShell.SDK
# Connect to Microsoft Graph
Connect-MgGraph -AccessToken $accessToken
# Get the ID of the OneDrive folder that you want to assign permissions to
$folderId = Get-MgDriveItem -Path "root/Documents"
# Create a new permission object
$permission = New-MgDriveItemPermission -RoleId "Contributor" -PrincipalId "email address removed for privacy reasons"
# Add the permission object to the OneDrive folder
Add-MgDriveItemPermission -DriveItemId $folderId -Permission $permission
# Disconnect from Microsoft Graph
Disconnect-MgGraph
To loop through a list of users and create the folder and assign permissions for each user, you can use the following PowerShell script:
# Import the Microsoft Graph PowerShell SDK Module
Import-Module Microsoft.Graph.PowerShell.SDK
# Connect to Microsoft Graph
Connect-MgGraph -AccessToken $accessToken
# Get the IDs of the OneDrive folders that you want to create
$folderIds = @()
foreach ($user in Get-Content "users.txt") {
$folderId = New-MgDriveItem -Path "root/Documents/myFolder" -Name $user
$folderIds += $folderId
}
# Create a new permission object
$permission = New-MgDriveItemPermission -RoleId "Contributor" -PrincipalId "email address removed for privacy reasons"
# Add the permission object to each OneDrive folder
foreach ($folderId in $folderIds) {
Add-MgDriveItemPermission -DriveItemId $folderId -Permission $permission
}
# Disconnect from Microsoft Graph
Disconnect-MgGraph
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
- Thank you LeonPavesic for the reply, much appreciated. When I tried the above code:
$permission = New-MgDriveItemPermission -RoleId "Contributor" -PrincipalId $userUPN
I end up getting the following error:
New-MgDriveItemPermission: A parameter cannot be found that matches parameter name 'RoleId'.
$permission = New-MgUserDriveItemPermission -Roles "Contribute" -UserId $userUPN
cmdlet New-MgUserDriveItemPermission at command pipeline position 1
Supply values for the following parameters:
DriveId: $adminDriveId
DriveItemId: 1
New-MgUserDriveItemPermission_CreateExpanded: The request URI is not valid. Since the segment 'drives' refers to a collection, this must be the last segment in the request URI or it must be followed by an function or action that can be bound to it otherwise all intermediate segments must refer to a single resource.
Status: 400 (BadRequest)
I looked at the documentation here:
https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.files/new-mguserdriveitempermission?view=graph-powershell-1.0
And changed the parameters to Roles "Contribute" and UserId "email address removed for privacy reasons" and did not go well for me still. Any other suggestions or thoughts on this?Hi ShaneGibson,
thanks for your update.The error message New-MgDriveItemPermission: A parameter cannot be found that matches parameter name 'RoleId' indicates that you are using an older version of the Microsoft Graph PowerShell SDK Module.
Please upgrade to the latest version of the module and try again.To upgrade the Microsoft Graph PowerShell SDK Module, you can use the following PowerShell command:
Update-Module Microsoft.Graph.PowerShell.SDKPlease click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)- I don't see a PowerShell Module or command for "Update-Module Microsoft.Graph.PowerShell.SDK", when I run it, it fails "Update-Module: Module 'Microsoft.Graph.PowerShell.SDK' was not updated because no valid module was found in the module directory. Verify that the module is located in the folder specified by $env:PSModulePath."...
I installed following this article which (See below link) and it only lists the Install and Update commands like this "Install-Module Microsoft.Graph" & "Update-Module Microsoft.Graph" and I have the latest version of that PS Module.
Can you send me the documentation link for where your recommended command "Update-Module Microsoft.Graph.PowerShell.SDK" came from, maybe I am using the wrong PS Module or looking in the wrong spot in the documentation for Microsoft Graph PowerShell Module?
https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0
