Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to get admin access to files for all user's OneDrive

Tags:

office365

microsoft-graph-api

onedrive

I am tenant admin for our Office 365 deployment. we have our internal system which need to access all OneDrive sites. We are using my tenant admin credential to get the OAuth token and trying to get files from all OneDrive sites using SharePoint/OneDrive REST API with that OAuth token.

With OAuth token of the tenant admin, we are only able to get the files owned by tenant admin or Shared with tenant admin. we are not able to get the files form other user's OneDrive.

Same result with Microsoft Graph API also. we are only able to get the files owned by tenant admin or Shared with tenant admin. we are not able to get the files form other user's OneDrive.

One Solution for this could be by adding tenant admin to the site collection admin for all OneDrive Sites, but this is not a feasible option for us.

Is there any API, or any other way to get all OneDrive user's file by using OneDrive admin or tenant admin credential ?

Thanks, Abhi

like image 377
user2768967 Avatar asked Mar 29 '16 06:03

user2768967

1 Answers

You can do this using either Delegated or Application permissions. Which one you choose depends on how your application will run and the OAUTH Grant Flow you're using.

If your application runs with an interactive user (i.e. you're sitting in front of it while it runs), then you want to use Delegated permissions and the Authorization Code Grant Flow.

If your application runs as a service (i.e. it runs in the background) then you'll want to use Application permissions and the Client Credentials Grant Flow.

Regardless of the permission model you choose, the permission scopes and endpoints will remain the same.

You'll need one of the following permission scopes in order to access other user's files within the tenant: Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All.

In order to see another user's files, you need to address that user's drive directly. This is done via the user's userPrincipalName. For example, to see files in the root of a user's drive you would call:

 https://graph.microsoft.com/v1.0/users/{userPrincipalName}/drive/root/children

Hope this helps.

like image 151
Marc LaFleur Avatar answered Oct 20 '22 03:10

Marc LaFleur
Sign in to Comment

Related questions

Office 365 mail Inbox folder EXPUNGE failed with IMAP using java mail API
Microsoft Graph Api User.Read.All Not granted for my domain
The client application has requested access to resource 'https://outlook.office365.com'. This request has failed
Difference between Office 365 REST Api and Microsoft Graph
Remote Authentication in SharePoint Online
Can Office365 shared mailbox use SMTP?
'Connect-MsolService' is not recognized as the name of a cmdlet
Issues with implementing Office 365 API on Android (Xamarin)
SMTP send mail is not working for office365
How to access Sharepoint site's document library via Microsoft Graph API?
Office 365 api in PHP
The application named HTTPS://test113.onmicrosoft.com/FTP was not found in the tenant named test113.onmicrosoft.com
how to schedule meeting in MS Teams through Graph API
exchangelib - All steps in the autodiscover protocol failed
SMTP 5.7.57 error when trying to send email via Office 365
Office 365 versus desktop Excel macros
MailKit C# SmtpClient.Connect() to Office 365 generating exception: "An existing connection was forcibly closed by the remote host"
C# CSOM - Check if File Exists in Document Library
Error sending email using nodemailer via Office365 smtp (MEANjs scaffold)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!