I'm trying to access the items of a list that is a part of a nested subsite, like this:
https://{mytenant}.sharepoint.com/
    vendorSiteCollection/
        vendorAppSite/
            vendorList
My test user has only Read permission on the vendorAppSite subsite. I have removed read permissions from all other sites, including the root site collection at https://{mytenant}.sharepoint.com.
If I navigate to here in a browser:
https://{mytenant}.sharepoint.com/sites/{vendorSiteCollection}/{vendorAppSite}/Lists/{vendorList}/AllItems.aspx
Then I see the list, just as expected.
However, when I make this request in the Graph Explorer:
https://graph.microsoft.com/v1.0/sites/root:/sites/{vendorSiteCollection}/{vendorAppSite}:/lists/{vendorList}?$expand=items($expand=fields)
I get a 403 forbidden response:
{
  "error": {
    "code": "accessDenied",
    "message": "The caller does not have permission to perform the action.",
    "innerError": {
      "request-id": "15e2087d-8ae5-46e3-abee-4ab165629dfb",
      "date": "2018-04-05T12:08:16"
    }
  }
}
I would have expected to be able to read the list items via the API just like I can see the list items in the SharePoint Online UI.
How can I use the Microsoft Graph API to read the items when the permission levels are set like this?
Side note: When the test user has Read permission on the root site collection at https://{mytenant}.sharepoint.com, the API works as expected. But this workaround doesn't work for us since we don't want our users to have read access to the root site collection.