Guidance for OneDrive connector
Read the following information for guidance and best practices when using the OneDrive connector in your flows.
- Authentication
- Types of accounts
- Permissions
- Supported scopes
- Supported drives
- Action card or event card-specific limitations
Authentication
Create a connection using an admin or user OneDrive account. See Authorization.
The connection uses delegated access and delegated permissions, not app-only access or app-only permissions.
Reauthorize a connection
If you've used your account to create a connection successfully, you should be able to use this account to create as many connections as you require. You can reauthorize the old connections if the admin hasn't made any configuration changes.
Types of accounts
Admins must have the following account permissions:
- OneDrive admin account
- OneDrive admin credentials
- Delegated work or school account
- Delegated personal Microsoft account
Permissions
Admins and users must have permissions to upload a file.
- Admins
  - When attempting to access a user's drive through any of the OneDrive connector cards, that user's OneDrive must be shared with the admin. This is true even for a Global Administrator.
  - The type of group and its access configuration determines the group access.
- Non-admins
  - Non-admins must be granted permission by admins to access files or drives that they don't own.
  - Any group access is determined by the type of group and its access configuration.
- File and folder
  - If a user's OneDrive is shared with an admin, then that admin can access any of the user's files.
  - Non-admins can only access the files and folders of other users if the file has been shared with them.
  - Authenticated users can access their own drive.
Supported scopes
The following OAuth scopes must be enabled in your OneDrive environment:
- openid
- profile
- offline_access
- Files.ReadWrite.All
- Group.ReadWrite.All
Supported drives
The OneDrive connector doesn't support transferring drive items between different drives.
Action card or event card-specific limitations
There are several action cards with specific limitations.
Create Organization Sharing Link
By default, you can't create an anonymous sharing link for a file or folder in a group. You can only create an anonymous sharing link for a file or folder in an organization.
Create Recipients Sharing Link
Create an anonymous or organization sharing link.
- Anonymous: anyone with the link has access, without needing to sign in. This may include people outside of your organization. Anonymous link support may be disabled by an administrator.
- Organization: anyone signed into your organization (tenant) can use the link to get access.
When the sharing link doesn't use anonymous settings, it can be sent to others outside the organization. Credentials may be needed to view the shared file or folder if the user isn't part of the organization.
By default, you can't create an anonymous sharing link for a file or folder in a group. You can only create an anonymous sharing link for a file or folder in an organization.
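An added example, not part of the connector documentation: a Python check that flags sharing links anyone can use without signing in, ranked by how much they expose. It assumes permission records shaped like Microsoft Graph permission objects (`link.scope`, `roles`, `expirationDateTime`); the sample records, the function name, and the severity ranking are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records, shaped like Microsoft Graph permission objects
# (an assumption about what a permissions listing returns).
SAMPLE_PERMISSIONS = [
    {"id": "perm-1", "roles": ["read"],
     "link": {"scope": "anonymous", "type": "view"}},
    {"id": "perm-2", "roles": ["write"],
     "link": {"scope": "anonymous", "type": "edit"},
     "expirationDateTime": "2999-01-01T00:00:00Z"},
    {"id": "perm-3", "roles": ["read"],
     "link": {"scope": "organization", "type": "view"}},
    {"id": "perm-4", "roles": ["owner"]},  # direct grant, not a link
    {"id": "perm-5", "roles": ["read"],
     "link": {"scope": "anonymous", "type": "view"},
     "expirationDateTime": "2020-01-01T00:00:00Z"},  # already expired
]

RANK = {"high": 0, "medium": 1, "low": 2}

def audit_sharing_links(permissions, now=None):
    """Return live anonymous links, most severe first."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for perm in permissions:
        link = perm.get("link") or {}
        if link.get("scope") != "anonymous":
            continue  # organization links and direct grants require sign-in
        expires = perm.get("expirationDateTime")
        if expires:
            when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
            if when <= now:
                continue  # expired links no longer grant access
        writable = "write" in perm.get("roles", []) or link.get("type") == "edit"
        if writable:
            severity = "high"      # anyone with the URL can modify content
        elif not expires:
            severity = "medium"    # read-only, but never expires
        else:
            severity = "low"       # read-only and time-limited
        findings.append({"id": perm.get("id"), "severity": severity,
                         "writable": writable, "expires": expires})
    return sorted(findings, key=lambda f: RANK[f["severity"]])

if __name__ == "__main__":
    for finding in audit_sharing_links(SAMPLE_PERMISSIONS):
        print(finding)
```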
Delete Permission, List Permissions, Read File or Folder
Users must be part of the group or have direct access to the file to read permissions of a file in that group.
Admins must be a member of the group.
Download File
To obtain User ID, Group ID, or Drive ID information in the flow, use another Workflows Office 365 Mail connector card such as Read User or Search User.
Admins can download files in another user's drive.
Users must be part of the group from which they're downloading a file.
Move File or Folder
To rename the file or folder that is being moved, specify the new name in the Name input field, including the file extension if moving a file. Leave the Name input field empty if you aren't renaming the file or folder.
Items can't be moved between drives, users, or groups using this request. For example, if the source file or folder in Drive A is moved to a destination folder in Drive B, then the source file or folder is added to the root directory of Drive A, not the intended folder in Drive B.
By default, users can't move a file or folder from a drive, user, or group that belongs to another user.
Search Files or Folders
Users must be part of the group or have direct access to the file to read permissions of a file in that group.
Upload File
If the name of the uploaded file conflicts with an existing file, the uploaded file replaces the existing file.
When uploading a file from a group, the user must be part of the group.
Admins can upload files that are in another OneDrive drive or group. In addition, admins can upload files for another user. Files created by the admin are shown as created by the admin.
Related topics
Azure Active Directory connector