RecordsManagement.Read.All

Allows the application to read any data from Records Management, such as configuration, labels, and policies on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the RecordsManagement.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	ac3a2b8e-03a3-4da9-9ce0-cbe28bf1accd	07f995eb-fc67-4522-ad66-2b8ca8ea3efd
DisplayText	Read Records Management configuration, labels and policies	Read Records Management configuration, labels, and policies
Description	Allows the application to read any data from Records Management, such as configuration, labels, and policies without the signed in user.	Allows the application to read any data from Records Management, such as configuration, labels, and policies on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /security/labels/authorities
	GET /security/labels/authorities/{authorityTemplateId}
	GET /security/labels/categories
	GET /security/labels/categories/{categoryTemplateId}
	GET /security/labels/categories/{categoryTemplateId}/subcategories
	GET /security/labels/categories/{categoryTemplateId}/subcategories/{subcategoryTemplateId}
	GET /security/labels/citations
	GET /security/labels/citations/{citationTemplateId}
	GET /security/labels/departments
	GET /security/labels/departments/{departmentTemplateId}
	GET /security/labels/filePlanReferences
	GET /security/labels/filePlanReferences/{filePlanReferenceTemplateId}
	GET /security/labels/retentionLabels
	GET /security/labels/retentionLabels/{retentionLabelId}
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/authorityTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/citationTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/departmentTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/filePlanReferenceTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/eventType
	GET /security/triggers/retentionEvents
	GET /security/triggers/retentionEvents/{retentionEventId}
	GET /security/triggers/retentionEvents/{retentionEventId}/labels/{retentionLabelId}
	GET /security/triggers/retentionEvents/{retentionEventId}/retentionEventType
	GET /security/triggerTypes/retentionEventTypes
	GET /security/triggerTypes/retentionEventTypes/{retentionEventTypeId}

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /security/labels/authorities
	GET /security/labels/authorities/{authorityTemplateId}
	GET /security/labels/categories
	GET /security/labels/categories/{categoryTemplateId}
	GET /security/labels/categories/{categoryTemplateId}/subcategories
	GET /security/labels/categories/{categoryTemplateId}/subcategories/{subcategoryTemplateId}
	GET /security/labels/citations
	GET /security/labels/citations/{citationTemplateId}
	GET /security/labels/departments
	GET /security/labels/departments/{departmentTemplateId}
	GET /security/labels/filePlanReferences
	GET /security/labels/filePlanReferences/{filePlanReferenceTemplateId}
	GET /security/labels/retentionLabels
	GET /security/labels/retentionLabels/{retentionLabelId}
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/authorityTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/citationTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/departmentTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/filePlanReferenceTemplate
	GET /security/labels/retentionLabels/{retentionLabelId}/eventType
	GET /security/triggers/retentionEvents
	GET /security/triggers/retentionEvents/{retentionEventId}
	GET /security/triggers/retentionEvents/{retentionEventId}/labels/{retentionLabelId}
	GET /security/triggers/retentionEvents/{retentionEventId}/retentionEventType
	GET /security/triggerTypes/retentionEventTypes
	GET /security/triggerTypes/retentionEventTypes/{retentionEventTypeId}

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgSecurityLabelAuthority
	Get-MgSecurityLabelCategory
	Get-MgSecurityLabelCategorySubcategory
	Get-MgSecurityLabelCitation
	Get-MgSecurityLabelDepartment
	Get-MgSecurityLabelFilePlanReference
	Get-MgSecurityLabelRetentionLabel
	Get-MgSecurityTriggerRetentionEvent
	Get-MgSecurityTriggerTypeRetentionEventType

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaSecurityLabelAuthority
	Get-MgBetaSecurityLabelCategory
	Get-MgBetaSecurityLabelCategorySubcategory
	Get-MgBetaSecurityLabelCitation
	Get-MgBetaSecurityLabelDepartment
	Get-MgBetaSecurityLabelFilePlanReference
	Get-MgBetaSecurityLabelRetentionLabel
	Get-MgBetaSecurityTriggerRetentionEvent
	Get-MgBetaSecurityTriggerTypeRetentionEventType

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: authorityTemplate

Property	Type	Description
createdBy	microsoft.graph.identitySet	Represents the user who created the authority descriptor. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
createdDateTime	DateTimeOffset	Represents the date and time in which the authority descriptor is created. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
displayName	String	Unique string that defines an authority name. Inherited from microsoft.graph.security.filePlanDescriptorTemplate.
id	String	Unique ID of the authority. Inherited from microsoft.graph.entity. Read-only.

Graph reference: categoryTemplate

Property	Type	Description
createdBy	microsoft.graph.identitySet	Represents the user who created the category descriptor. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
createdDateTime	DateTimeOffset	Represents the date and time in which the category descriptor is created. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
displayName	String	Unique string that defines a category name. Inherited from microsoft.graph.security.filePlanDescriptorTemplate.
id	String	Unique ID of the category. Inherited from microsoft.graph.entity. Read-only.

Graph reference: citationTemplate

Property	Type	Description
citationJurisdiction	String	Represents the jurisdiction or agency that published the citation.
citationUrl	String	Represents the URL to the published citation.
createdBy	microsoft.graph.identitySet	Represents the user who created the citation descriptor. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
createdDateTime	DateTimeOffset	Represents the date and time in which the citation descriptor is created. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
displayName	String	Unique string that defines a citation name. Inherited from microsoft.graph.security.filePlanDescriptorTemplate.
id	String	Unique ID of the citation. Inherited from microsoft.graph.entity. Read-only.

Graph reference: departmentTemplate

Property	Type	Description
createdBy	microsoft.graph.identitySet	Represents the user who created the department descriptor. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
createdDateTime	DateTimeOffset	Represents the date and time in which the department descriptor is created. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
displayName	String	Unique string that defines a department name. Inherited from microsoft.graph.security.filePlanDescriptorTemplate.
id	String	Unique ID of the department. Inherited from microsoft.graph.entity. Read-only.

Graph reference: filePlanReferenceTemplate

Property	Type	Description
createdBy	microsoft.graph.identitySet	Represents the user who created the file plan reference descriptor. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
createdDateTime	DateTimeOffset	Represents the date and time in which the filePlanReference descriptor is created. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
displayName	String	Unique string that defines a filePlanReference name. Inherited from microsoft.graph.security.filePlanDescriptorTemplate.
id	String	Unique ID of the filePlanReference. Inherited from microsoft.graph.entity. Read-only.

Graph reference: retentionEvent

Property	Type	Description
createdBy	microsoft.graph.identitySet	The user who created the retentionEvent.
createdDateTime	DateTimeOffset	The date time when the retentionEvent was created.
description	String	Optional information about the event.
displayName	String	Name of the event.
eventPropagationResults	microsoft.graph.security.eventPropagationResult collection	Represents the success status of a created event and additional information.
eventQueries	microsoft.graph.security.eventQuery collection	Represents the workload (SharePoint Online, OneDrive for Business, Exchange Online) and identification information associated with a retention event.
eventStatus	microsoft.graph.security.retentionEventStatus	Status of event propogation to the scoped locations after the event has been created.
eventTriggerDateTime	DateTimeOffset	Optional time when the event should be triggered.
id	String	Represents the unique ID of the user who created the retentionEvent. entity.
lastModifiedBy	microsoft.graph.identitySet	The user who last modified the retentionEvent.
lastModifiedDateTime	DateTimeOffset	The latest date time when the retentionEvent was modified.
lastStatusUpdateDateTime	DateTimeOffset	Last time the status of the event was updated.

Graph reference: retentionEventType

Property	Type	Description
createdBy	microsoft.graph.identitySet	The user who created the retentionEventType.
createdDateTime	DateTimeOffset	The date time when the retentionEventType was created.
description	String	Optional information about the event type.
displayName	String	Name of the event type.
id	String	Represents the unique ID of the user who created the retentionEventType. entity.
lastModifiedBy	microsoft.graph.identitySet	The user who last modified the retentionEventType.
lastModifiedDateTime	DateTimeOffset	The latest date time when the retentionEventType was modified.

Graph reference: retentionLabel

Property	Type	Description
actionAfterRetentionPeriod	microsoft.graph.security.actionAfterRetentionPeriod	Specifies the action to take on the labeled document after the period specified by the retentionDuration property expires. The possible values are: `none`, `delete`, `startDispositionReview`, `unknownFutureValue`.
behaviorDuringRetentionPeriod	microsoft.graph.security.behaviorDuringRetentionPeriod	Specifies how the behavior of a document with this label should be during the retention period. The possible values are: `doNotRetain`, `retain`, `retainAsRecord`, `retainAsRegulatoryRecord`, `unknownFutureValue`.
createdBy	microsoft.graph.identitySet	Represents the user who created the retentionLabel.
createdDateTime	DateTimeOffset	Represents the date and time in which the retentionLabel is created.
descriptionForAdmins	String	Provides label information for the admin. Optional.
descriptionForUsers	String	Provides the label information for the user. Optional.
displayName	String	Unique string that defines a label name.
id	String	Unique ID of the retentionLabel.
isInUse	Boolean	Specifies whether the label is currently being used.
lastModifiedBy	microsoft.graph.identitySet	The user who last modified the retentionLabel.
lastModifiedDateTime	DateTimeOffset	The latest date time when the retentionLabel was modified.
retentionDuration	microsoft.graph.security.retentionDuration	Specifies the number of days to retain the content.
retentionTrigger	microsoft.graph.security.retentionTrigger	Specifies whether the retention duration is calculated from the content creation date, labeled date, or last modification date. The possible values are: `dateLabeled`, `dateCreated`, `dateModified`, `dateOfEvent`, `unknownFutureValue`.
defaultRecordBehavior	microsoft.graph.security.defaultRecordBehavior	Specifies the locked or unlocked state of a record label when it is created.The possible values are: `startLocked`, `startUnlocked`, `unknownFutureValue`.
labelToBeApplied	String	Specifies the replacement label to be applied automatically after the retention period of the current label ends.

Graph reference: subcategoryTemplate

Property	Type	Description
createdBy	microsoft.graph.identitySet	Represents the user who created the subcategory descriptor. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
createdDateTime	DateTimeOffset	Represents the date and time in which the subcategory descriptor is created. Inherited from microsoft.graph.security.filePlanDescriptorTemplate. Read-only.
displayName	String	Unique string that defines a subcategory name. Inherited from microsoft.graph.security.filePlanDescriptorTemplate.
id	String	Unique ID of the subcategory. Inherited from microsoft.graph.entity. Read-only.

Table of Contents

RecordsManagement.Read.All

Graph Methods

Resources