Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the specific usage rights granted by Azure Information Protection templates or sensitivity labels. These rights define what actions a user can perform on protected content.
For more information, see Configure usage rights for Azure Information Protection.
Members
| Member | Value | Description | Common roles mapping |
|---|---|---|---|
| VIEW | 0 | Allows the user to open and read the protected content. Required for almost all other rights. | All |
| EDIT | 1 | Allows the user to modify the content. Implies VIEW. | Reviewer, Co-Author, Co-Owner, Owner |
| DOCEDIT | 2 | Allows the user to modify the content (often synonymous with EDIT). Implies VIEW. | Reviewer, Co-Author, Co-Owner, Owner |
| 3 | Allows the user to print the content. Implies VIEW. | Reviewer, Co-Author, Co-Owner, Owner | |
| EXTRACT | 4 | Allows the user to copy content from the protected document. Implies VIEW. | Co-Author, Co-Owner, Owner |
| EXPORT | 5 | Allows the user to save the content in an unprotected format or remove protection. Implies EDIT and EXTRACT. | Co-Owner, Owner |
| FORWARD | 6 | Allows the user to forward protected email. Implies REPLY and REPLYALL. | Co-Author, Co-Owner, Owner |
| REPLY | 7 | Allows the user to reply to protected email. | Reviewer, Co-Author, Co-Owner, Owner |
| REPLYALL | 8 | Allows the user to reply-all to protected email. Implies REPLY. | Reviewer, Co-Author, Co-Owner, Owner |
| COMMENT | 9 | Allows the user to add comments to the content (specific to certain applications). | Reviewer, Co-Author, Co-Owner, Owner |
| VIEWRIGHTSDATA | 10 | Allows the user to view the permissions applied to the content. Implies VIEW. | All |
| EDITRIGHTSDATA | 11 | Allows the user to change the permissions applied to the content. Implies VIEWRIGHTSDATA. | Co-Owner, Owner |
| OWNER | 12 | Grants the user all rights, including the ability to change permissions. | Owner |
| OBJMODEL | 13 | Allows programmatic access to the content (for example, via application add-ins). Implies VIEW. | All |
| UNKNOWN | 14 | An unknown or unsupported right. | N/A |
| ACCESSDENIED | 15 | Indicates the user was explicitly denied access (typically returned as an error, not a right). | N/A |
| EXCEPTION | 16 | Indicates an error occurred while retrieving rights. | N/A |
| USERDEFINEDPROTECTIONTYPENOTSUPPORTEDEXCEPTION | 17 | Error: Rights check failed because the label uses user-defined permissions (UDP). | N/A |
| ENCRYPTEDPROTECTIONTYPENOTSUPPORTEDEXCEPTION | 18 | Error: Rights check failed because the label uses unsupported encryption (for example, DKE). | N/A |
| PURVIEWCLAIMSCHALLENGENOTSUPPORTEDEXCEPTION | 19 | Error: Rights check requires Conditional Access claims challenge, not supported by the caller. | N/A |
Note: The numeric values are provided for reference but applications should rely on the string representation of the enum members. Exception values (ACCESSDENIED, EXCEPTION, etc.) are typically returned in error scenarios, not as part of a successful rights collection.
JSON representation
The following JSON representation shows the enum type.
{
"@odata.type": "#microsoft.graph.usageRight"
}