Is there a way to get the SharePoint security groups at site collection/site level with Graph API? I have followed Graph API article by MS but no where they mentioned about pulling information from security groups. I want to use this Graph API url in my power apps to apply role based security.
It isn't possible to interact SharePoint's own user or group resource via Microsoft Graph at the moment. For the time being you would need to use the classic SharePoint REST API (i.e. /_api/web/siteusers) for this.
Related
I am currently using Graph APIs to connect to share point list from the Teams tab(NOT SPFX TAB) that I created using Teams Toolkit. I would like to know if it's possible to use REST API or PNP library to connect to Share point list items other than Graph API.
Thanks.
You can directly use Sharepoint REST API in Teams Tab. Note that you need to update permission for Azure AD app and request for access token with proper permission with TeamsFx SDK to call Sharepoint REST API.
Using the graph API or sharepoint REST APIs, is there a way to obtain, for each site, the list of users/o365 groups that are allowed read access to the site?
We are able to obtain the list of sites using the graph API GET /sites?search=* but cannot find a way to get the list of users allowed to access each site (except for Sharepoint team sites associates with o365 groups that we can enumerate using GET /groups/{group-id}/sites API call.
We are building a server side application so need to do this from the server using application-level permissions, and not from the client.
Pointers for how to do this are greatly appreciated!
Looks like there is no such endpoint that gets the site permissions and there are few uservoices here that are close to your scenario. Please upvote them so that it could be developed by the product team in future.
I want to get sharepoint groups using graph api instead of REST API Call
As far as I know Microsoft Graph doesn't expose an endpoint that allows you to get the information of SharePoint Group.
If you has this requirement, you could vote this idea on Microsoft Graph UserVoice.
I am trying to use power bi embedded service rest apis with a pro account, I have gone through the rest api reference guide -
https://learn.microsoft.com/en-us/rest/api/power-bi
The issue is that am unable to share a report with a particular set of users with the api, now i know that we can with rest api create appspaces/groups, and add users to group, but thats at the group level. I want to basically give permission at the report level. It is very easily possible from the app.powerbi.com portal by going into the share option. But there is no api that i can find to share a report to a user in an appspace.
We are stuck in our POC because of this as report level security is basic and a must have requirement for any kind of custom usage.
Currently Power BI REST API doesn't allow you to do that. As you said, you can only manage users on workspace level. If you need such dynamic report level management, you can try to achieve this by removing the rights of your users on the workspace and embed the reports in some application, implementin "app own data" scenario. This way you will be able to manage user's access in your application, while the reports will be always accessed with your "master account".
Is it possible to secure SharePoint rest APIs?
I have a SharePoint portal that allows users to create accounts an get access to the portal.
The portal uses SharePoint client object model, if any of the users try to access let's say getuserbyid method or retrieving items for lists and changes the ID value, he will be able to retrieve information for other users on the portal.
So it is possible or is their any way to restrict access to the rest APIs outside the portal itself? Because with manipulation using Fiddler or burp suite the request can be replayed with different information or values.
The operations performed by the Client Side Object Model respect the SharePoint site permissions in the SharePoint site you are interacting with. You need to set/customize the site permissions such that you get the results that you want.