0

I use delegation permission to obtain access token authorization. The user is a global administrator

The scope of authority is offline_ access User.ReadWrite.All Files.ReadWrite.All

I request the API to get the Same tenant subuser drive file

https://graph.microsoft.com/v1.0/users/xxx/drive/root/children

Return to access denied

https://graph.microsoft.com/v1.0/me/drive/root/children Return is normal

Please help me

Improve this question

1 Answer 1

Reset to default
0

It is expected.

Please see the delegated permission Files.ReadWrite.All.

enter image description here

It allows the app to access all files the signed-user CAN access. This means that unless that user shares the file with you, you will not have permission to access it.

Let's focus on the application permission Files.ReadWrite.All.

enter image description here

This permission allows the app to access all files.

This difference is what makes you confusing.

So with delegated permission (user token), in addition to Files.ReadWrite.All, you still need to let others share the file with you before you can access it.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.