Is there any efficient method to query unique permission list items under the list (both graph or CSOM)?

Question

We have business request to scan the user permission across multiple OneDrive for Business, and we are asking if there is any efficient method to query unique permission list items under the list without one-by-one query list item? If yes, this will reduce unused requests to SharePoint Online if the item doesn't have unique permission.

Thank you.

Long

Answer 1

No directly such API in Graph now. But you can try the permissions API and then try and some filter.

For CSOM:

using (var ctx = new ClientContext(sitrUrl))
    {
        //ctx.Credentials = Your Credentials
        ctx.Load(ctx.Web, a => a.Lists);
        ctx.ExecuteQuery();
        List list = ctx.Web.Lists.GetByTitle("Documents");
        var listItems = list.GetItems(CamlQuery.CreateAllItemsQuery());
        //load all list items with default properties and HasUniqueRoleAssignments property
        ctx.Load(listItems, a => a.IncludeWithDefaultProperties(b => b.HasUniqueRoleAssignments));
        ctx.ExecuteQuery();
        foreach (var item in listItems)
        {
            Console.WriteLine("List item: " + item["FileRef"].ToString());
            if (item.HasUniqueRoleAssignments)
            {
                //load permissions if item has unique permission
                ctx.Load(item, a => a.RoleAssignments.Include(roleAsg => roleAsg.Member.LoginName,
                    roleAsg => roleAsg.RoleDefinitionBindings.Include(roleDef => roleDef.Name,
                    roleDef => roleDef.Description)));
                ctx.ExecuteQuery();
                foreach (var roleAsg in item.RoleAssignments)
                {
                    Console.WriteLine("User/Group: " + roleAsg.Member.LoginName);
                    List<string> roles = new List<string>();
                    foreach (var role in roleAsg.RoleDefinitionBindings)
                    {
                        roles.Add(role.Description);
                    }
                    Console.WriteLine("Permissions: " + string.Join(",", roles.ToArray()));
                    Console.WriteLine("----------------");
                }
            }
            else
            {
                Console.WriteLine("No unique permission found");
            }
            Console.WriteLine("###############");
        }
    }

https://www.morgantechspace.com/2017/09/get-item-level-permissions-sharepoint-csom.html

Or

public static void HasUniquePermission()
         {
             OfficeDevPnP.Core.AuthenticationManager authMgr = new OfficeDevPnP.Core.AuthenticationManager();

             string siteUrl = "https://******.sharepoint.com/sites/DeveloperSite/";
             string userName = "Sathish@********.onmicrosoft.com";
             string password = "********";

             using (var ctx = authMgr.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password))
             {
                 Web web = ctx.Web;
                 ctx.Load(web.Lists);
                 ctx.Load(web);

                 ctx.ExecuteQueryRetry();

                 List list = web.Lists.GetByTitle("D1");
                 ctx.Load(list);
                 ctx.Load(list, li => li.HasUniqueRoleAssignments);
                 ctx.ExecuteQuery();

                 System.Console.WriteLine(Convert.ToString(list.HasUniqueRoleAssignments));
             }
         }

http://www.sharepointpals.com/post/SharePoint-Office-365-How-to-Get-the-Lists-with-Unique-Permissions-Programmatically-C-CSOM