Files.SelectedOperations.Selected

Allow the application to access files explicitly permissioned to the application on behalf of the signed in user. The specific files and the permissions granted will be configured in SharePoint Online or OneDrive.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the Files.SelectedOperations.Selected permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	bd61925e-3bf4-4d62-bc0b-06b06c96d95c	ef2779dc-ef1b-4211-8310-8a0ac2450081
DisplayText	Access selected Files without a signed in user.	Access selected Files, on behalf of the signed-in user
Description	Allow the application to access a subset of files without a signed in user. The specific files and the permissions granted will be configured in SharePoint Online or OneDrive.	Allow the application to access files explicitly permissioned to the application on behalf of the signed in user. The specific files and the permissions granted will be configured in SharePoint Online or OneDrive.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /sites/{site-id}/lists/{list-id}/items/{item-id}/{permissionId}
	POST /drives/{drive-id}/items/{item-id}/permissions
	POST /groups/{group-id}/drive/items/{item-id}/permissions
	POST /me/drive/items/{item-id}/permissions
	POST /sites/{siteId}/drive/items/{itemId}/permissions
	POST /users/{userId}/drive/items/{itemId}/permissions

	Commands
	New-MgBetaDriveItemPermission

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: drive

Property	Type	Description
createdBy	[identitySet][]	Identity of the user, device, or application which created the item. Read-only.
createdDateTime	dateTimeOffset	Date and time of item creation. Read-only.
description	String	Provide a user-visible description of the drive. Read-write.
driveType	String	Describes the type of drive represented by this resource. OneDrive personal drives return `personal`. OneDrive for Business returns `business`. SharePoint document libraries return `documentLibrary`. Read-only.
id	String	The unique identifier of the drive. Read-only.
lastModifiedBy	[identitySet][]	Identity of the user, device, and application which last modified the item. Read-only.
lastModifiedDateTime	dateTimeOffset	Date and time the item was last modified. Read-only.
name	string	The name of the item. Read-write.
owner	identitySet	Optional. The user account that owns the drive. Read-only.
quota	quota	Optional. Information about the drive's storage space quota. Read-only.
sharepointIds	[sharepointIds][]	Returns identifiers useful for SharePoint REST compatibility. Read-only. This property isn't returned by default and must be selected using the `$select` query parameter.
system	[systemFacet][]	If present, indicates that it's a system-managed drive. Read-only.
webUrl	string (url)	URL that displays the resource in the browser. Read-only.

Graph reference: driveItem

Property	Type	Description
audio	[audio][]	Audio metadata, if the item is an audio file. Read-only. Read-only. Only on OneDrive Personal.
bundle	[bundle][]	Bundle metadata, if the item is a bundle. Read-only.
content	Stream	The content stream, if the item represents a file.
createdBy	[identitySet][]	Identity of the user, device, and application that created the item. Read-only.
createdDateTime	DateTimeOffset	Date and time of item creation. Read-only.
cTag	String	An eTag for the content of the item. This eTag isn't changed if only the metadata is changed. Note This property isn't returned if the item is a folder. Read-only.
deleted	[deleted][]	Information about the deleted state of the item. Read-only.
description	String	Provides a user-visible description of the item. Read-write. Only on OneDrive Personal.
eTag	String	eTag for the entire item (metadata + content). Read-only.
file	[file][]	File metadata, if the item is a file. Read-only.
fileSystemInfo	[fileSystemInfo][]	File system information on client. Read-write.
folder	[folder][]	Folder metadata, if the item is a folder. Read-only.
id	String	The unique identifier of the item within the Drive. Read-only.
image	[image][]	Image metadata, if the item is an image. Read-only.
lastModifiedBy	[identitySet][]	Identity of the user, device, and application that last modified the item. Read-only.
lastModifiedDateTime	DateTimeOffset	Date and time the item was last modified. Read-only.
location	[geoCoordinates][]	Location metadata, if the item has location data. Read-only.
malware	[malware][]	Malware metadata, if the item was detected to contain malware. Read-only.
name	String	The name of the item (filename and extension). Read-write.
package	[package][]	If present, indicates that this item is a package instead of a folder or file. Packages are treated like files in some contexts and folders in others. Read-only.
parentReference	[itemReference][]	Parent information, if the item has a parent. Read-write.
pendingOperations	[pendingOperations][]	If present, indicates that one or more operations that might affect the state of the driveItem are pending completion. Read-only.
photo	[photo][]	Photo metadata, if the item is a photo. Read-only.
publication	[publicationFacet][]	Provides information about the published or checked-out state of an item, in locations that support such actions. This property isn't returned by default. Read-only.
remoteItem	[remoteItem][]	Remote item data, if the item is shared from a drive other than the one being accessed. Read-only.
root	[root][]	If this property is non-null, it indicates that the driveItem is the top-most driveItem in the drive.
searchResult	[searchResult][]	Search metadata, if the item is from a search result. Read-only.
shared	[shared][]	Indicates that the item was shared with others and provides information about the shared state of the item. Read-only.
sharepointIds	[sharepointIds][]	Returns identifiers useful for SharePoint REST compatibility. Read-only.
size	Int64	Size of the item in bytes. Read-only.
specialFolder	[specialFolder][]	If the current item is also available as a special folder, this facet is returned. Read-only.
video	[video][]	Video metadata, if the item is a video. Read-only.
webDavUrl	String	WebDAV compatible URL for the item.
webUrl	String	URL that displays the resource in the browser. Read-only.

Graph reference: fileStorageContainer

Property	Type	Description
containerTypeId	Guid	Container type ID of the fileStorageContainer. For details about container types, see Container Types. Each container must have only one container type. Read-only.
createdDateTime	DateTimeOffset	Date and time of the fileStorageContainer creation. Read-only.
customProperties	fileStorageContainerCustomPropertyDictionary	Custom property collection for the fileStorageContainer. Read-write.
description	String	Provides a user-visible description of the fileStorageContainer. Read-write.
displayName	String	The display name of the fileStorageContainer. Read-write.
id	String	The unique stable identifier of the filerStorageContainer. Read-only.
lockState	siteLockState	Indicates the lock state of the fileStorageContainer. The possible values are `unlocked` and `lockedReadOnly`. Read-only.
settings	fileStorageContainerSettings	Settings associated with a fileStorageContainer. Read-write.
status	fileStorageContainerStatus	Status of the fileStorageContainer. Containers are created as inactive and require activation. Inactive containers are subjected to automatic deletion in 24 hours. The possible values are: `inactive` , `active` . Read-only.
viewpoint	fileStorageContainerViewpoint	Data specific to the current user. Read-only.

Graph reference: identity

Property	Type	Description
displayName	String	The display name of the identity. For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.
id	String	Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
tenantId	String	Unique identity of the tenant. Optional.
thumbnails	thumbnailSet	Keyed collection of thumbnail resources. Optional. Applies to drive items, for example.

Property	Type	Description
contentType	[contentTypeInfo][]	The content type of this list item

Graph reference: Permission

Property	Type	Description
expirationDateTime	DateTimeOffset	A format of yyyy-MM-ddTHH:mm:ssZ of DateTimeOffset indicates the expiration time of the permission. DateTime.MinValue indicates there's no expiration set for this permission. Optional.
id	String	The unique identifier of the permission among all permissions on the item. Read-only.
hasPassword	Boolean	Indicates whether the password is set for this permission. This property only appears in the response. Optional. Read-only. For OneDrive Personal only..
grantedTo (deprecated)	IdentitySet	For user type permissions, the details of the users and applications for this permission. Read-only.
grantedToIdentities (deprecated)	Collection(IdentitySet)	For type permissions, the details of the users to whom permission was granted. Read-only.
grantedToIdentitiesV2	Collection([SharePointIdentitySet][])	For link type permissions, the details of the users to whom permission was granted. Read-only.
grantedToV2	[SharePointIdentitySet][]	For user type permissions, the details of the users and applications for this permission. Read-only.
inheritedFrom	ItemReference	Provides a reference to the ancestor of the current permission, if it's inherited from an ancestor. Read-only.
invitation	[SharingInvitation][]	Details of any associated sharing invitation for this permission. Read-only.
link	[SharingLink][]	Provides the link details of the current permission, if it's a link type permission. Read-only.
roles	Collection of String	The type of permission, for example, `read`. See below for the full list of roles. Read-only.
shareId	String	A unique token that can be used to access this shared item via the shares API. Read-only.

Graph reference: sharePointGroup

Property	Type	Description
description	String	The user-visible description of the sharePointGroup. Read-write.
id	String	The unique stable identifier of the sharePointGroup. This ID is unique only within the context of a single SharePoint Embedded container or SharePoint site. Read-only.
title	String	The user-visible title of the **s

Table of Contents

Files.SelectedOperations.Selected

Graph Methods

Resources