How to remove permissions of a user on an item using Onedrive Graph API?

Question

Summary:

I'm trying to remove permission of a user on an item using Onedrive Graph API, but I'm always getting 403 Forbidden. I'm using a business account and it's working fine for everything else; adding permissions to users, creating folders, uploading files, etc..

I'm following this documentation https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/permission_delete?view=odsp-graph-online.

What am I doing wrong?

Request made:

Method: DELETE

Url: https://graph.microsoft.com/v1.0/me/drive/items/01CFGODSVE5ZR7NAHG3FGLXM3G2YXDNYPF/permissions/aTowIy5mfG1lbWJlcnNoaXB8bWFyaW9AZXVyb21pYi5mcg

Authorization: Bearer eyJ0e...

Response of the request made:

{
    "error": {
        "code": "notAllowed",
        "message": "Operation not allowed",
        "innerError": {
            "request-id": "23fe15ec-9e3a-4c78-8a82-52be07db60d4",
            "date": "2019-04-19T11:10:20"
        }
    }
}

Postman Request & Response: https://i.ibb.co/y8wcsh8/postman.png

C# Code:

public dynamic RemoveItemPermission(string itemId, string permissionId)
{
    string graphUrl = $"https://graph.microsoft.com/v1.0/me/drive/items/{itemId}/permissions/{permissionId}";
    HttpWebRequest request = WebRequest.CreateHttp(graphUrl);
    request.Headers.Add("Authorization", "Bearer " + AccessToken);
    request.Method = "DELETE";

    var response = request.GetResponse();
    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        return JsonConvert.DeserializeObject<dynamic>(reader.ReadToEnd());
    }
}

Answer 1

Thanks for the very detailed question Carlos! Based on what you provided we did track down an issue with deleting direct access permissions that were granted to specific users. We disabled the problematic code and so hopefully your issue is now resolved. Definitely let us know if that's NOT the case.