Delta token does not work for tracking permission changes if user/group is added/removed

Ameya Nayak 0 Reputation points
2024-07-22T10:46:59.63+00:00

Hi team,

We are using Microsoft Graph APIs to track content and permission changes of files and folders in SharePoint and OneDrive. The delta token works for content changes. But when we try to use the header `Prefer: deltashowremovedasdeleted, deltatraversepermissiongaps, deltashowsharingchanges` as mentioned in https://learn.microsoft.com/en-us/graph/api/driveitem-delta?view=graph-rest-1.0&tabs=http#scanning-permissions-hierarchies, the delta query works as long as permissions and content are updated on a file level. As soon as a user/group is added/removed on a folder level, the delta token stops working. We see the error as mentioned in the image.
Request id - c2532be3-581c-4a98-872d-453d7183781d
Client-request-id - c2532be3-581c-4a98-872d-453d7183781d
x-ms-ags-diagnostic - {"ServerInfo":{"DataCenter":"East US","Slice":"E","Ring":"5","ScaleUnit":"004","RoleInstance":"BL02EPF00003B0C"}}
Screenshot 2024-07-22 at 4.01.36 PM

The application used to generate the token for the Graph APIs has the application permissions Files.Read.All and Sites.Read.All.


1 answer

  1. AllenXu-MSFT 18,361 Reputation points Microsoft Vendor
    2024-07-23T06:41:16.0333333+00:00

    Hi @Ameya Nayak,

    The delta token does not work for tracking permission changes if a user or group is added or removed on a folder level.

    Delta query is designed to track changes in Microsoft Graph data and enables applications to discover newly created, updated, or deleted entities without performing a full read of the target resource with every request. However, changes to properties stored outside the main data store are not tracked.

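An added example (not from the original thread or from Microsoft): a walker over driveItem delta pages that sends the `Prefer` header quoted in the question and keeps only items carrying the `@microsoft.graph.sharedChanged` annotation that the linked documentation describes for `deltashowsharingchanges`. The `fetch` callable, the sample pages and their IDs are constructed assumptions so the code runs offline.

```python
"""Added example: walk driveItem delta pages, keep permission-driven changes."""
from typing import Callable

# Header value quoted in the question above.
PREFER = "deltashowremovedasdeleted, deltatraversepermissiongaps, deltashowsharingchanges"
# Annotation the linked documentation describes for deltashowsharingchanges.
SHARED_CHANGED = "@microsoft.graph.sharedChanged"


def scan_sharing_changes(fetch: Callable[[str, dict], dict], start_url: str):
    """Follow @odata.nextLink pages; return (changed items, deltaLink or None).

    `fetch(url, headers)` is a hypothetical callable returning the parsed JSON
    body of one page, so the walk can be exercised without network access.
    """
    headers = {"Prefer": PREFER}
    changed, url, delta_link, seen = [], start_url, None, set()
    while url:
        if url in seen:  # defensive: never loop on a repeated nextLink
            raise RuntimeError("delta paging loop detected")
        seen.add(url)
        page = fetch(url, headers)
        for item in page.get("value", []):
            # The documentation shows the value as the string "True".
            if str(item.get(SHARED_CHANGED, "")).lower() == "true":
                changed.append({
                    "id": item["id"],
                    "name": item.get("name"),
                    "is_folder": "folder" in item,  # folder facet present
                })
        # The deltaLink appears only on the last page of a round.
        delta_link = page.get("@odata.deltaLink", delta_link)
        url = page.get("@odata.nextLink")
    return changed, delta_link


# Constructed sample pages (not real tenant data); keys stand in for URLs.
SAMPLE_PAGES = {
    "page1": {"value": [
        {"id": "01A", "name": "Finance", "folder": {}, SHARED_CHANGED: "True"},
        {"id": "01B", "name": "budget.xlsx", "file": {}},
    ], "@odata.nextLink": "page2"},
    "page2": {"value": [
        {"id": "01C", "name": "plan.docx", "file": {}, SHARED_CHANGED: "True"},
    ], "@odata.deltaLink": "delta-token-url"},
}

if __name__ == "__main__":
    print(scan_sharing_changes(lambda u, h: SAMPLE_PAGES[u], "page1"))
```

Persist the returned deltaLink only after the whole round has been processed, so a failure mid-round does not skip permission changes on the next scan.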