如何获得所有用户的OneDrive的管理员对文件的访问权限 [英] How to get admin access to files for all user's OneDrive

问题描述

我是Office 365部署的租户管理员.我们拥有内部系统，需要访问所有OneDrive网站.我们正在使用我的租户管理员凭据来获取OAuth令牌，并尝试使用带有该OAuth令牌的SharePoint/OneDrive REST API从所有OneDrive网站中获取文件.

I am tenant admin for our Office 365 deployment. we have our internal system which need to access all OneDrive sites. We are using my tenant admin credential to get the OAuth token and trying to get files from all OneDrive sites using SharePoint/OneDrive REST API with that OAuth token.

使用承租人管理员的OAuth令牌，我们只能获取由承租人管理员拥有的文件或与承租人管理员共享的文件.我们无法从其他用户的OneDrive获取文件.

With OAuth token of the tenant admin, we are only able to get the files owned by tenant admin or Shared with tenant admin. we are not able to get the files form other user's OneDrive.

与Microsoft Graph API的结果相同.我们只能获取由租户管理员拥有的文件或与租户管理员共享的文件.我们无法从其他用户的OneDrive获取文件.

Same result with Microsoft Graph API also. we are only able to get the files owned by tenant admin or Shared with tenant admin. we are not able to get the files form other user's OneDrive.

为此的一种解决方案是，将所有OneDrive网站的租户管理员添加到网站集管理员中，但这对我们来说不是一个可行的选择.

One Solution for this could be by adding tenant admin to the site collection admin for all OneDrive Sites, but this is not a feasible option for us.

通过使用OneDrive管理员或租户管理员凭据，是否有任何API或任何其他方式来获取所有OneDrive用户的文件?

Is there any API, or any other way to get all OneDrive user's file by using OneDrive admin or tenant admin credential ?

谢谢， 阿比

推荐答案

您可以使用委派"权限或应用程序"权限来执行此操作.您选择哪一种取决于您的应用程序将如何运行以及您使用的OAUTH授权流程.

You can do this using either Delegated or Application permissions. Which one you choose depends on how your application will run and the OAUTH Grant Flow you're using.

如果您的应用程序是与交互式用户一起运行的(例如，您在运行时坐在应用程序的前面)，那么您想使用Delegated权限和

If your application runs with an interactive user (i.e. you're sitting in front of it while it runs), then you want to use Delegated permissions and the Authorization Code Grant Flow.

如果您的应用程序作为服务运行(即它在后台运行)，那么您将需要使用应用程序权限和

If your application runs as a service (i.e. it runs in the background) then you'll want to use Application permissions and the Client Credentials Grant Flow.

无论您选择哪种权限模型，权限范围和端点都将保持不变.

Regardless of the permission model you choose, the permission scopes and endpoints will remain the same.

您需要以下权限范围之一才能访问租户内的其他用户文件:Files.Read.All，Files.ReadWrite.All，Sites.Read.All，Sites.ReadWrite.All.

You'll need one of the following permission scopes in order to access other user's files within the tenant: Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All.

要查看其他用户的文件，您需要直接寻址该用户的驱动器.这是通过用户的userPrincipalName完成的.例如，要查看用户驱动器根目录中的文件，应调用:

In order to see another user's files, you need to address that user's drive directly. This is done via the user's userPrincipalName. For example, to see files in the root of a user's drive you would call:

 https://graph.microsoft.com/v1.0/users/{userPrincipalName}/drive/root/children

希望这会有所帮助.

这篇关于如何获得所有用户的OneDrive的管理员对文件的访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！