Microsoft Graph - 为什么需要根网站读取访问权限才能访问另一个网站集中的子网站? [英] Microsoft Graph - Why is root site read access needed to access subsite in another site collection?

问题描述

我正在尝试访问作为嵌套子站点一部分的列表项，如下所示:

I'm trying to access the items of a list that is a part of a nested subsite, like this:

https://{mytenant}.sharepoint.com/
    vendorSiteCollection/
        vendorAppSite/
            vendorList

我的测试用户只有对 vendorAppSite 子网站的读取权限.我已删除所有其他网站的读取权限，包括位于 https://{mytenant}.sharepoint.com 的 root 网站集.

My test user has only Read permission on the vendorAppSite Subsite. I have removed read permissions from all other sites, including the root site collection at https://{mytenant}.sharepoint.com.

如果我在浏览器中导航到此处:

If I navigate to here in a browser:

https://{mytenant}.sharepoint.com/sites/{vendorSiteCollection}/{vendorAppSite}/Lists/{vendorList}/AllItems.aspx

然后我看到了列表，正如预期的那样.

Then I see the list, just as expected.

但是，当我在 Graph Explorer 中提出这个请求时:

However, when I make this request in the Graph Explorer:

https://graph.microsoft.com/v1.0/sites/root:/sites/{vendorSiteCollection}/{vendorAppSite}:/lists/{vendorList}?$expand=items($expand=字段)

我收到 403 禁止响应:

I get a 403 forbidden response:

{
    "error": {
        "code": "accessDenied",
        "message": "The caller does not have permission to perform the action.",
        "innerError": {
            "request-id": "15e2087d-8ae5-46e3-abee-4ab165629dfb",
            "date": "2018-04-05T12:08:16"
        }
    }
}

我希望能够通过 API 读取列表项，就像我可以在 SharePoint Online UI 中查看列表项一样.

I would have expected to be able to read the list items via the API just like I can see the list items in the SharePoint Online UI.

当权限级别设置为这样时，如何使用 Microsoft Graph API 读取项目?

How can I use the Microsoft Graph API to read the items when the permission levels are set like this?

附注:当测试用户对 https://{mytenant}.sharepoint.com 上的 root 网站集具有读取权限时，API 将按预期工作.但是这种解决方法对我们不起作用，因为我们不希望我们的用户拥有对 root 网站集的读取权限.

Side note: When the test user has Read permission on the root site collection at https://{mytenant}.sharepoint.com, the API works as expected. But this workaround doesn't work for us since we don't want our users to have read access to the root site collection.

推荐答案

这个问题似乎在 MS Graph 中得到修复.

This issue seems to be fixed in the MS Graph.

这篇关于Microsoft Graph - 为什么需要根网站读取访问权限才能访问另一个网站集中的子网站?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！