Remove-MgDriveRootPermission accepts the command but does not remove the permission

Jesus Chao 141 Reputation points
2024-02-08T13:36:19.7+00:00

Hi, I posted this on GitHub and have not received any feedback, so I thought I would try here.

I was asked to create an automation that would remove, on a daily basis, any admin accounts that were given permission to a user's OneDrive. We are using Azure Automation to accomplish this. When using the cmdlet get-mgdriverootpermission, we are able to see the permissions that have been applied to a user's OneDrive. We then use the following to remove the permission:

Remove-MgDriveRootPermission -driveid $userdrive.id -permissionid $permission.id

The $userdrive variable is the drive ID found when using get-mguserdrive. The $permission.id is the ID of the permission found when using get-mgdriverootpermission. The cmd completes with no errors; however, when we look at the permissions, the permission still exists.

I tested this with the latest 2.1.0 version of the Graph cmdlets and also tested this directly on the Graph API itself. Same result. Here is the URI:

https://graph.microsoft.com/v1.0/drives/{driveid}/items/root/permissions/{permissionid}

The result has an interesting response in the raw content:

Deprecation: Fri, 03 Sep 2021 23:59:59 GMT
Sunset: Sun, 01 Oct 2023 23:59:59 GMT


1 answer

  1. Sourabh Gupta 800 Reputation points Microsoft Vendor
    2024-02-10T14:26:42.0933333+00:00

    Hi Jesus Chao, thanks for reaching out.

    Based upon the document below, could you please check the inheritedFrom property of the permission you are deleting? Only sharing permissions that are not inherited can be deleted. The inheritedFrom property must be null.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.files/remove-mgdriverootpermission?view=graph-powershell-1.0

    However, the document mentions this command "Remove access to a DriveItem", which is misleading based upon the name of the command itself.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
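
Following the answer's point that only permissions with a null inheritedFrom can be deleted, this added PowerShell example (not the poster's script and not Microsoft's code) splits admin grants into direct and inherited, removes only the direct ones, and re-reads the drive to confirm each removal took effect. `$AdminIds`, the helper function names and the sample objects are assumptions made for illustration.

```powershell
# Added example, not the poster's script. $AdminIds and $sample are constructed values.
function Test-InheritedPermission {
    param($Permission)
    # Assumption: an unset inheritedFrom may arrive as $null or as an object with empty fields.
    $ref = $Permission.InheritedFrom
    return [bool]($ref -and ($ref.Id -or $ref.DriveId -or $ref.Path))
}

function Get-AdminPermissionPlan {
    param([object[]]$Permissions, [string[]]$AdminIds)
    foreach ($p in $Permissions) {
        # Assumption: admin grants are recognised by the user object ID in grantedToV2.
        if ($p.GrantedToV2.User.Id -notin $AdminIds) { continue }
        $action = if (Test-InheritedPermission $p) { 'SkipInherited' } else { 'Remove' }
        [pscustomobject]@{ PermissionId = $p.Id; Action = $action; StillPresent = $null }
    }
}

function Remove-DirectAdminPermission {
    param([string]$DriveId, [string[]]$AdminIds)
    $current = Get-MgDriveRootPermission -DriveId $DriveId -All
    $plan = @(Get-AdminPermissionPlan -Permissions $current -AdminIds $AdminIds)
    foreach ($item in ($plan | Where-Object Action -eq 'Remove')) {
        Remove-MgDriveRootPermission -DriveId $DriveId -PermissionId $item.PermissionId
    }
    # A call that returns without error is not proof of removal: re-read and compare IDs.
    $remaining = @((Get-MgDriveRootPermission -DriveId $DriveId -All).Id)
    foreach ($item in $plan) {
        $item.StillPresent = $item.PermissionId -in $remaining
        $item
    }
}

# Offline run of the classification step on constructed permission objects.
$sample = @(
    [pscustomobject]@{ Id = 'perm-direct'; InheritedFrom = $null
        GrantedToV2 = @{ User = @{ Id = 'admin-1' } } }
    [pscustomobject]@{ Id = 'perm-inherited'; InheritedFrom = @{ Id = 'parent-item'; DriveId = 'drive-1' }
        GrantedToV2 = @{ User = @{ Id = 'admin-1' } } }
    [pscustomobject]@{ Id = 'perm-owner'; InheritedFrom = $null
        GrantedToV2 = @{ User = @{ Id = 'user-9' } } }
)
Get-AdminPermissionPlan -Permissions $sample -AdminIds @('admin-1') | Format-Table
```

In an Azure Automation runbook, logging the rows returned by `Remove-DirectAdminPermission` where `StillPresent` is true or `Action` is `SkipInherited` gives a daily record of admin grants the job could not clear.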

