Public/Remove-KritOneDriveShareLinkPermission.ps1
|
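function Remove-KritOneDriveShareLinkPermission {
    <#
    .SYNOPSIS
        Revoke a single OneDrive share permission by its PermissionId.

    .DESCRIPTION
        Calls Microsoft Graph `DELETE /me/drive/items/{id}/permissions/{permId}`.
        Find the PermissionId via Get-KritOneDriveShareLinkPermissions.

        Use cases:
          • Customer engagement ends — revoke external recipient access.
          • Internal staff leaves — pull their personal share permissions.
          • Anonymous link no longer required — kill the link permission.
          • Mistaken share — revert.

        Other permissions on the same item are NOT touched.

    .PARAMETER LocalPath
        Full path to a file or folder under the OneDrive for Business sync root.

    .PARAMETER PermissionId
        The Graph permission ID to revoke (from Get-KritOneDriveShareLinkPermissions).
        The value is percent-encoded before it is placed in the request path.

    .PARAMETER UseDeviceCode
        Force device-code auth flow for headless contexts.

    .EXAMPLE
        Get-KritOneDriveShareLinkPermissions -LocalPath $f |
            Where-Object { $_.GrantedToEmails -contains 'lincoln@eeservices.io' } |
            ForEach-Object { Remove-KritOneDriveShareLinkPermission -LocalPath $f -PermissionId $_.PermissionId -Confirm:$false }

        Revoke Lincoln's access after the engagement closes.

    .EXAMPLE
        Remove-KritOneDriveShareLinkPermission -LocalPath 'C:/Users/joshl/OneDrive - Kritical Pty Ltd/EES/EES-proposal-pack-FINAL-SHARED' -PermissionId 'aTowIy5xLnxs...'

        Revoke a specific permission by ID.

    .OUTPUTS
        PSCustomObject:
          PermissionId [string]  ID that was revoked
          Removed      [bool]    true when the Graph DELETE completed without error (204 No Content)
          ItemName     [string]
          RemovedAt    [string]  ISO 8601, UTC

    .NOTES
        CONTRACT
          inputs:
            - LocalPath    : path; must exist + be under OneDrive sync root
            - PermissionId : Graph permission ID; required
          outputs:
            - PSCustomObject with PermissionId / Removed / ItemName / RemovedAt
          sideEffects:
            - Connects to Microsoft Graph (Files.ReadWrite.All + Sites.ReadWrite.All + User.Read)
            - Deletes the specified permission on the target DriveItem
            - Other permissions on the same item are NOT touched
          invariants:
            - Permission ID must already exist; Graph returns 404 otherwise (re-raised)
            - No DELETE is sent when the DriveItem ID or the PermissionId is blank
          - asserts: paired tests/Unit/OneDriveShareLinkPermissions.Tests.ps1

        Author: Joshua Finley
        Repo:   Krit.OmniFramework
        Added:  v1.1.13 — Krit.OmniFramework 2026-06-28 (.1507ab)
    #>
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    [OutputType([pscustomobject])]
    param(
        [Parameter(Mandatory)][string]$LocalPath,
        [Parameter(Mandatory)][string]$PermissionId,
        [switch]$UseDeviceCode
    )

    # NOTE(review): Sites.ReadWrite.All is a tenant-wide scope; deleting a permission on
    # /me/drive normally needs less. Confirm whether Resolve-KritOneDriveDriveItem
    # depends on it before narrowing the list.
    $scopes = @('Files.ReadWrite.All','Sites.ReadWrite.All','User.Read')
    $resolved = Resolve-KritOneDriveDriveItem -LocalPath $LocalPath -Scopes $scopes -UseDeviceCode:$UseDeviceCode

    # Fail closed before a destructive call: a blank ID on either side would produce a
    # malformed path such as /items//permissions/... instead of a clear error.
    # Presumably the resolver throws on failure; this guard covers the case where it returns nothing.
    if (-not $resolved -or [string]::IsNullOrWhiteSpace($resolved.ItemId)) {
        throw "Could not resolve a DriveItem ID for '$LocalPath'; no permission was revoked."
    }
    if ([string]::IsNullOrWhiteSpace($PermissionId)) {
        throw "PermissionId is blank; no permission was revoked."
    }

    $action = "Revoke permission $PermissionId on $($resolved.ItemName)"
    if (-not $PSCmdlet.ShouldProcess($resolved.ItemName, $action)) { return }

    # Percent-encode the ID so characters such as '/', '?' or '#' stay inside this one
    # path segment and cannot redirect the DELETE to a different Graph resource.
    $encodedPermissionId = [uri]::EscapeDataString($PermissionId)
    $permUri = "/v1.0/me/drive/items/$($resolved.ItemId)/permissions/$encodedPermissionId"
    Write-Verbose "Deleting: $permUri"

    # -ErrorAction Stop turns a Graph failure (e.g. 404 for an unknown permission) into a
    # terminating error, so the result object below is only emitted after a successful DELETE.
    Invoke-MgGraphRequest -Method DELETE -Uri $permUri -ErrorAction Stop | Out-Null

    [pscustomobject]@{
        PermissionId = $PermissionId
        Removed      = $true
        ItemName     = $resolved.ItemName
        # The trailing 'Z' in the format is a literal, so the clock value itself must be UTC;
        # otherwise local time is mislabelled as UTC in revocation records.
        # InvariantCulture keeps the calendar Gregorian regardless of the session culture.
        RemovedAt    = [DateTime]::UtcNow.ToString("yyyy-MM-ddTHH:mm:ss'Z'", [System.Globalization.CultureInfo]::InvariantCulture)
    }
}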