Hi, I am having the same issue as above. We are using the exact c# code as above but we are getting an empty list of values: []. We have verified that sharepoints sites in our domain have groups and permissions set up. Any update on this?
How to programmatically get the permissions of all Sharepoint sites?
As part of a larger task, I have been asked to get a list of all guest users with access to Teams and/or SharePoint sites.
I was under the impression that I could get this by using REST API & MS Graph and getting a list of all SharePoint Sites using graph.microsoft.com/v1.0/sites and then use the IDs with graph.microsoft.com/beta/sites/<ID>/permissions in order to get the permissions. But that returns an empty value.
Prior to getting the permission ' Sites.FullControll.All', this command was erroring, while now it is not, so presumably it is working as intended.
So, how would I go about getting the permissions for all Teams & SharePoint sites in our org? It seems like something Graph should be able to do, but after spending days on it, I have not been able to find a way to do it.
I've been using Graph more and more for tasks, but this seems a bit of a blocker for me.
2 answers
Sort by: Most helpful
-
-
CarlZhao-MSFT 43,011 Reputation points
2021-12-02T09:59:41.98+00:00 You need to call two apis in one namespace. First get the collection of sites, then traverse to get the id of each site, and then use the siteId as a parameter to get the permissions of each site.
using Microsoft.Graph; using Microsoft.Graph.Auth; using Microsoft.Identity.Client; using Newtonsoft.Json; using System; using System.Collections.Generic; namespace test { class Program { static async System.Threading.Tasks.Task Main(string[] args) { IConfidentialClientApplication app; app = ConfidentialClientApplicationBuilder.Create("{client id}") .WithClientSecret("{client secret}") .WithAuthority(new Uri("https://login.microsoftonline.com/{tenant id}")) .Build(); AuthenticationResult result = null; string[] scopes = new string[] { "https://graph.microsoft.com/.default" }; result = await app.AcquireTokenForClient(scopes).ExecuteAsync(); string accesstoken = result.AccessToken; //Console.WriteLine(accesstoken); ClientCredentialProvider authProvider = new ClientCredentialProvider(app); GraphServiceClient graphClient = new GraphServiceClient(authProvider); var queryOptions = new List<QueryOption>() { new QueryOption("search", "*") }; var sites = await graphClient.Sites .Request(queryOptions) .GetAsync(); for (var i = 0; i < sites.Count; i++) { var siteId = sites[i].Id.ToString(); var permissions = await graphClient.Sites[siteId].Permissions.Request().GetAsync(); Console.WriteLine("permissions:" + JsonConvert.SerializeObject(permissions)); } } } }
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.