Prerequisites
- Azure environment.
- OneDrive for Business.
- PowerShell Azure SDK installed on the HelloID Agent.
- The following permissions are required:
  - Files.ReadWrite.All
  - Sites.ReadWrite.All
- Microsoft Converged App for Microsoft Graph
  - Note: It is highly recommended to create this app under the administrator account.
  - To create this Converged App, follow the steps at the link below: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_register_app_v2
  - To configure permissions for Microsoft Graph for this application, follow the link below: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
Description
This task will grant a OneDrive user access to a OneDrive folder.
Only the roles ‘read’ and ‘write’ are applicable.
This task will only work for folders on a site drive, not for folders on a personal drive.
Variables
Name | Description | Type | Example | Comment |
---|---|---|---|---|
Application id | The unique id of your Microsoft Converged Application for Microsoft Graph. | String | 341dd034-cc1b-4b7c-8df1-b1068c2a3f94 | The app id, also known as the client id, can be found here: https://apps.dev.microsoft.com/#/appList. |
Tenant name | The tenant name for your OneDrive. This is the same as your SharePoint domain name. | String | {domain}.onmicrosoft.com | In most cases this is {domain}.onmicrosoft.com; it can only differ if you yourself have requested a change of the tenant name. |
Username | The username of the OneDrive user. | String | {username}@{domain} | If ‘Personal or Site’ is set to Site, the OneDrive user is required to have access to that site. Using the administrator account is recommended. |
Password | The password of the OneDrive user. | String | Password123! | |
Site URL | The URL of the site on which the folder you wish to update is located. This site URL is the URL of a SharePoint site. | String | https://{domain}.sharepoint.com/{sitename} | The site name can differ from the displayed name on the site. To avoid mix-ups, use the URL shown in the address bar. |
Folder path | The full path of the folder. | String | Marketing/Planning | Only one folder can be updated at a time, so when specifying ‘Marketing/Planning’, the folder ‘Marketing’ must already exist. If it exists, the folder ‘Planning’ under ‘Marketing’ will have its access role updated. |
User | The username of the user. Using the user’s email address is recommended. | String | {username} | When using this task to update a group’s access role, specify the full name of that group. |
Access role | The name of the access role. | String | read | Write and read will overwrite each other. A user has either a read or a write access role, not both. Please note: the owner role can neither be removed nor added with this task. |
Send invitation | Specify whether to send an invitation to the user. | Boolean | True | True or false. When true, an invitation will be sent to the user’s primary email address. When false, no invitation will be sent. |
Message | Custom message which will be shown in the invitation. | String | You have now been granted the read rights to the folder Marketing/Planning. | |
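
As an added illustration (not HelloID's own task code), the PowerShell below shows one way the variables above could map onto a Microsoft Graph driveItem invite request, rejecting any role other than read or write and any malformed folder path before anything is sent. The helper name New-FolderInviteRequest, the contoso sample values, and the choice of email versus alias for the User variable are assumptions; the function only builds the request and makes no network call.

```powershell
# Added example: builds (does not send) a Microsoft Graph "invite" request from the task variables.
# New-FolderInviteRequest is a hypothetical helper, not part of HelloID or the Graph SDK.
function New-FolderInviteRequest {
    param(
        [Parameter(Mandatory)] [uri]    $SiteUrl,
        [Parameter(Mandatory)] [string] $FolderPath,
        [Parameter(Mandatory)] [string] $User,
        # Only 'read' and 'write' are applicable; 'owner' is rejected at parameter binding.
        [Parameter(Mandatory)] [ValidateSet('read', 'write')] [string] $AccessRole,
        [bool]   $SendInvitation = $false,
        [string] $Message = ''
    )
    if (-not $SiteUrl.IsAbsoluteUri -or $SiteUrl.Scheme -ne 'https') {
        throw "Site URL must be an absolute https URL, as shown in the address bar."
    }
    # Folder path is relative to the site drive root; reject empty and dot segments.
    $segments = $FolderPath.Trim('/').Split('/')
    if ($segments -contains '' -or $segments -contains '.' -or $segments -contains '..') {
        throw "Folder path '$FolderPath' must be a plain relative path such as Marketing/Planning."
    }
    $itemPath = ($segments | ForEach-Object { [uri]::EscapeDataString($_) }) -join '/'

    # Assumption: an email address is sent as 'email', a group name as 'alias'.
    $recipient = if ($User -like '*@*') { @{ email = $User } } else { @{ alias = $User } }
    $body = @{
        recipients     = @($recipient)
        roles          = @($AccessRole.ToLowerInvariant())
        requireSignIn  = $true            # recipient must authenticate to open the folder
        sendInvitation = $SendInvitation
    }
    if ($SendInvitation -and $Message) { $body.message = $Message }

    $graph = 'https://graph.microsoft.com/v1.0'
    [pscustomobject]@{
        # Step 1: resolve the SharePoint site to its Graph site id.
        SiteLookupUri     = "$graph/sites/$($SiteUrl.Host):$($SiteUrl.AbsolutePath.TrimEnd('/'))"
        # Step 2: POST the body here, with {site-id} replaced by the id returned in step 1.
        InviteUriTemplate = "$graph/sites/{site-id}/drive/root:/${itemPath}:/invite"
        Body              = $body | ConvertTo-Json -Depth 3
    }
}

# Constructed sample values (contoso is a placeholder tenant).
$request = New-FolderInviteRequest -SiteUrl 'https://contoso.sharepoint.com/marketing' `
    -FolderPath 'Marketing/Planning' -User 'jdoe@contoso.com' -AccessRole read `
    -SendInvitation $true -Message 'You have now been granted the read rights to the folder Marketing/Planning.'
$request | Format-List
```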
Task editor