ListItems.SelectedOperations.Selected
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Read
User Scope
Allow the application to access a subset of listitems without a signed in user. The specific listitems and the permissions granted will be configured in SharePoint Online.
Permission data: May 21, 2026 at 4:34 AM UTC
Delegated Access
App-Only Access
Permission Details
Application Permission
Access selected ListItems without a signed in user.
Allow the application to access a subset of listitems without a signed in user. The specific listitems and the permissions granted will be configured in SharePoint Online.
Permission ID:
de4e4161-a10a-4dfd-809c-e328d89aefeb
Delegated Permission
Admin consent required
Access selected ListItems, on behalf of the signed-in user
Allow the application to access a subset of listitems on behalf of the signed in user. The specific listitems and the permissions granted will be configured in SharePoint Online.
User sees: Allow the application to access a subset of listitems on behalf of the signed in user. The specific listitems and the permissions granted will be configured in SharePoint Online.
Permission ID:
d6d361b3-211a-4191-9fa7-15f72de4aac4
Properties
Microsoft Graph v1.0
endpoint-derived-docs
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
createdBy |
[identitySet][] |
Identity of the user, device, or application which created the item. Read-only. |
createdDateTime |
dateTimeOffset |
Date and time of item creation. Read-only. |
description |
StringNullable |
Provide a user-visible description of the drive. Read-write. |
driveType |
StringNullable |
Describes the type of drive represented by this resource. OneDrive personal drives return personal. OneDrive for Business returns business. SharePoint document libraries return documentLibrary. Read-only. |
id |
String |
The unique identifier of the drive. Read-only. |
lastModifiedBy |
[identitySet][] |
Identity of the user, device, and application which last modified the item. Read-only. |
lastModifiedDateTime |
dateTimeOffset |
Date and time the item was last modified. Read-only. |
name |
stringNullable |
The name of the item. Read-write. |
owner |
identitySet |
Optional. The user account that owns the drive. Read-only. |
quota |
quota |
Optional. Information about the drive's storage space quota. Read-only. |
sharepointIds |
[sharepointIds][] |
Returns identifiers useful for SharePoint REST compatibility. Read-only. This property isn't returned by default and must be selected using the $select query parameter. |
system |
[systemFacet][] |
If present, indicates that it's a system-managed drive. Read-only. |
webUrl |
string (url)Nullable |
URL that displays the resource in the browser. Read-only. |
bundles |
driveItem collection |
Collection of bundles (albums and multi-select-shared sets of items). Only in personal OneDrive. |
createdByUser |
object |
Identity of the user who created the item. Read-only. |
Showing 15 of 24 properties.
JSON Representation
Microsoft Graph v1.0
endpoint-derived-docs
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"createdBy": {"@odata.type": "microsoft.graph.identitySet"},
"createdDateTime": "string (timestamp)",
"description": "string",
"driveType": "personal | business | documentLibrary",
"following": [{"@odata.type": "microsoft.graph.driveItem"}],
"id": "string",
"items": [{"@odata.type": "microsoft.graph.driveItem"}],
"lastModifiedBy": {"@odata.type": "microsoft.graph.identitySet"},
"lastModifiedDateTime": "string (timestamp)",
"name": "string",
"owner": {"@odata.type": "microsoft.graph.identitySet"},
"quota": {"@odata.type": "microsoft.graph.quota"},
"root": {"@odata.type": "microsoft.graph.driveItem"},
"sharepointIds": {"@odata.type": "microsoft.graph.sharepointIds"},
"special": [{"@odata.type": "microsoft.graph.driveItem"}],
"system": {"@odata.type": "microsoft.graph.systemFacet"},
"webUrl": "string",
}Relationships
Microsoft Graph v1.0
endpoint-derived-docs
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
bundles |
[driveItem][] collection |
Collection of [bundles][bundle] (albums and multi-select-shared sets of items). Only in personal OneDrive. |
following |
[driveItem][] collection |
The list of items the user is following. Only in OneDrive for Business. |
items |
[driveItem][] collection |
All items contained in the drive. Read-only. Nullable. |
list |
[list][] |
For drives in SharePoint, the underlying document library list. Read-only. Nullable. |
root |
[driveItem][] |
The root folder of the drive. Read-only. |
special |
[driveItem][] collection |
Collection of common folders available in OneDrive. Read-only. Nullable. |
owner |
object |
Optional. The user account that owns the drive. Read-only. |
activities |
itemActivityOLD collection |
The list of recent activities that took place under this drive. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Code Examples
C# / .NET SDK
Create permission on a driveItem
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Permission
{
GrantedToV2 = new SharePointIdentitySet
{
Application = new Identity
{
Id = "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
},
},
Roles = new List<string>
{
"write",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Drives["{drive-id}"].Items["{driveItem-id}"].Permissions.PostAsync(requestBody);
JavaScript
Create permission on a driveItem
const options = {
authProvider,
};
const client = Client.init(options);
const permission = {
grantedToV2: {
application: {
id: '89ea5c94-7736-4e25-95ad-3fa95f62b66e'
}
},
roles: ['write']
};
await client.api('/drives/b!s8RqPCGh0ESQS2EYnKM0IKS3lM7GxjdAviiob7oc5pXv_0LiL-62Qq3IXyrXnEop/items/01V4EPHZNV2OJQJNBPWNCKDTXCQ5TSVBJU/permissions')
.post(permission);
PowerShell
Create permission on a driveItem
Import-Module Microsoft.Graph.Files
$params = @{
grantedToV2 = @{
application = @{
id = "89ea5c94-7736-4e25-95ad-3fa95f62b66e"
}
}
roles = @(
"write"
)
}
New-MgDriveItemPermission -DriveId $driveId -DriveItemId $driveItemId -BodyParameter $params
Python
Create permission on a driveItem
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.permission import Permission
from msgraph.generated.models.share_point_identity_set import SharePointIdentitySet
from msgraph.generated.models.identity import Identity
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Permission(
granted_to_v2 = SharePointIdentitySet(
application = Identity(
id = "89ea5c94-7736-4e25-95ad-3fa95f62b66e",
),
),
roles = [
"write",
],
)
result = await graph_client.drives.by_drive_id('drive-id').items.by_drive_item_id('driveItem-id').permissions.post(request_body)App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or delegated permissions and search for ListItems.SelectedOperations.Selected
4
Grant Admin Consent
Application permissions always require admin consent.