Files.Read
Export JSON
Export CSV
Copy URL
Print
Delegated
Read
User Scope
Allows the app to read the signed-in user's files.
Delegated Access
App-Only Access
Permission Details
Delegated Permission
User consent allowed
Read user files
Allows the app to read the signed-in user's files.
User sees: Allows the app to read your files.
Permission ID:
10465720-29dd-4523-a11a-6a75c743c9d9
Relationships
| Relationship | Type | Description |
|---|---|---|
children |
driveItem collection |
Collection containing Item objects for the immediate children of Item. Only items representing folders have children. Read-only. Nullable. |
permissions |
permission collection |
The set of permissions for the item. Read-only. Nullable. |
thumbnails |
thumbnailSet collection |
Collection of thumbnailSet objects associated with the item. Read-only. Nullable. |
versions |
driveItemVersion collection |
The list of previous versions of the item. Read-only. Nullable. |
workbook |
workbook |
For files that are Excel spreadsheets, access to the workbook API to work with the spreadsheet's contents. Nullable. |
listItem |
listItem |
For drives in SharePoint, the associated document library list item. Read-only. Nullable. |
analytics |
itemAnalytics |
Analytics about the view activities that took place on this item. |
activities |
itemActivityStat collection |
The list of recent activities that took place on this item. |
Graph Methods
Delegated access
App-only access
Code Examples
C# / .NET SDK
// Install: dotnet add package Microsoft.Graph
// Install: dotnet add package Azure.Identity
using Microsoft.Graph;
using Azure.Identity;
// Delegated permissions - interactive user sign-in
var scopes = new[] { "Files.Read" };
var options = new InteractiveBrowserCredentialOptions
{
ClientId = "YOUR_CLIENT_ID",
TenantId = "YOUR_TENANT_ID",
RedirectUri = new Uri("http://localhost")
};
var credential = new InteractiveBrowserCredential(options);
var graphClient = new GraphServiceClient(credential, scopes);
// Example: GET /me
var result = await graphClient.Me.GetAsync();
Console.WriteLine($"User: {result?.DisplayName}");
JavaScript / TypeScript
// npm install @azure/msal-browser @microsoft/microsoft-graph-client
import { PublicClientApplication } from "@azure/msal-browser";
import { Client } from "@microsoft/microsoft-graph-client";
import { AuthCodeMSALBrowserAuthenticationProvider } from
"@microsoft/microsoft-graph-client/authProviders/authCodeMsalBrowser";
const msalConfig = {
auth: {
clientId: "YOUR_CLIENT_ID",
authority: "https://login.microsoftonline.com/YOUR_TENANT_ID"
}
};
const pca = new PublicClientApplication(msalConfig);
await pca.initialize();
// Delegated: Login with required scope
const loginResponse = await pca.loginPopup({
scopes: ["Files.Read"]
});
const authProvider = new AuthCodeMSALBrowserAuthenticationProvider(pca, {
account: loginResponse.account,
scopes: ["Files.Read"],
interactionType: "popup"
});
const graphClient = Client.initWithMiddleware({ authProvider });
// Example: GET /me
const result = await graphClient.api("/me").get();
console.log(result);
PowerShell
# Install Microsoft Graph PowerShell module
Install-Module Microsoft.Graph -Scope CurrentUser
# Delegated access - interactive sign-in
Connect-MgGraph -Scopes "Files.Read"
# Verify connection
Get-MgContext | Select-Object Account, TenantId, Scopes
# Example: GET /me
$result = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me"
$result | ConvertTo-Json -Depth 5
# Always disconnect when done
Disconnect-MgGraph
Python
# pip install msgraph-sdk azure-identity
from azure.identity import InteractiveBrowserCredential, ClientSecretCredential
from msgraph import GraphServiceClient
import asyncio
# Delegated permissions - interactive browser sign-in
credential = InteractiveBrowserCredential(
client_id="YOUR_CLIENT_ID",
tenant_id="YOUR_TENANT_ID"
)
scopes = ["Files.Read"]
client = GraphServiceClient(credential, scopes)
async def get_data():
# Example: GET /me
result = await client.me.get()
print(f"User: {result.display_name}")
return result
asyncio.run(get_data())
App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Delegated permissions and search for Files.Read
4
Grant Admin Consent
Users can consent to this permission themselves during sign-in.