OneDrive Permission Report Does Not Include Link Access

You run a OneDrive permission report for a shared folder or file expecting a complete list of who has access. The report shows direct user and group permissions but never includes access granted through sharing links. This happens because the OneDrive permission report is designed to show explicit permissions only, not link-based access. This article explains why link access is omitted, how to view link access separately using Microsoft 365 tools, and how to audit both permission types for a complete security picture.

Key Takeaways: OneDrive Permission Report and Link Access

  • OneDrive permission report in SharePoint Admin Center > Access: Shows explicit user and group permissions only. Does not show anyone who accessed the item via a sharing link.
  • SharePoint Online Management Shell Get-PnPListItemPermission cmdlet: Returns permission entries for list items but excludes link-based access in its default output.
  • Microsoft 365 audit log in Security & Compliance Center: Records each time a sharing link is created, used, or modified. Use this to trace link access history.

Why OneDrive Permission Reports Exclude Link Access

OneDrive stores permissions in two separate layers. The first layer is explicit permissions, which are direct assignments to users or Microsoft 365 groups. The second layer is link-based access, which is managed through sharing links that grant access to anyone with the link, people in your organization, or specific people. The OneDrive permission report reads only the first layer. It queries the underlying SharePoint permission structure, which stores explicit Access Control Entries for each user or group. Sharing links are stored as special permission objects that do not appear in the standard permission enumeration for list items or folders. The report engine simply does not query the link-specific permission store.

Microsoft designed this separation for performance and clarity. A single file can have dozens of sharing links, each with different expiration dates, password requirements, and access levels. Including all those entries in a permission report would quickly make the report unreadable. The report is intended to show who has standing access, not who could have temporary access through a link. However, this design creates a blind spot for security audits. An auditor who relies solely on the permission report will miss anyone who gained access through a link that was never converted to explicit permissions.

How to View Link Access for OneDrive Items

You can see link access for a specific OneDrive file or folder through the Microsoft 365 user interface, PowerShell, and the audit log. The method you choose depends on whether you need a current snapshot or a historical record.

Method 1: Check Link Access Through the OneDrive Web Interface

  1. Open the OneDrive web app
    Go to onedrive.com and sign in with your work or school account. Navigate to the file or folder you want to inspect.
  2. Select the item and open the sharing pane
    Click the circle checkbox next to the item. Then click the Share button in the toolbar at the top of the page. The sharing pane opens on the right side of the screen.
  3. Click the three dots next to a link
    In the sharing pane, you see a list of all sharing links that exist for this item. Each link shows its type, expiration date if set, and whether it requires a password. Click the three dots next to a link and select Manage access to see who has used that link.
  4. Review the Manage Access panel
    A new panel opens showing all users who have accessed the item through that specific link. You see their name, email, and the date they last accessed the file. This view does not appear in any standard permission report.

Method 2: Use Microsoft Graph API to Retrieve Link Permissions

For administrators who need to audit link access across multiple OneDrive accounts, the Microsoft Graph API provides a permissions endpoint that returns both explicit and link permissions. You must filter the response to isolate link-type permissions.

  1. Authenticate to Microsoft Graph
    Use an app registration with the Files.Read.All or Sites.Read.All permission. Obtain an access token for the delegated or application context.
  2. Call the permissions endpoint for the item
    Send a GET request to https://graph.microsoft.com/v1.0/users/{user-id}/drive/items/{item-id}/permissions. Replace {user-id} with the user’s object ID and {item-id} with the item’s ID from OneDrive.
  3. Parse the response for link objects
    The response contains a value array. Each object has a link property if it is a sharing link. Objects without a link property are explicit permissions. Filter the array to objects where link is not null to get all sharing links and their properties, including scope, type, and sharedWith.

Method 3: Search the Microsoft 365 Audit Log for Link Activity

When you need to know who accessed a file through a link at a specific time, the audit log is the definitive source. Every time a sharing link is created, used, or modified, an audit record is generated.

  1. Open the Microsoft 365 Defender portal
    Go to security.microsoft.com and sign in with an account that has the Audit Log or Security Reader role.
  2. Navigate to Audit
    In the left navigation, select Audit under the Solutions section. If you do not see it, click Show all first.
  3. Set the search criteria for link activity
    Under the Activities filter, search for and select Created sharing link, Used sharing link, and Modified sharing link. Set the date range to cover the period you need to audit. Enter the file name or URL in the File field if you want to narrow results to a specific item.
  4. Review the search results
    Click Search. The results show each event with the user who performed the action, the link type, and the target file. Click an individual result to see details such as the link ID, expiration settings, and the user who accessed the link.

Common Issues When Auditing OneDrive Link Access

The Permission Report Shows No Users but the File Is Accessible

This situation occurs when the file has no explicit permissions but is shared via an organization-wide or anyone link. The file inherits permissions from its parent folder, but the link overrides the inheritance for anonymous or org-wide access. Check the sharing links using the web interface as described in Method 1. If an organization-wide link exists, every user in your tenant can access the file even though the permission report shows zero explicit users.

The Audit Log Returns No Results for Link Usage

Audit logging must be enabled for your tenant. Go to the Microsoft 365 admin center, select Audit under Security & Privacy, and verify that auditing is turned on. If it was turned off during the period you are searching, no records exist. Also confirm that you set the date range correctly. Audit logs are retained for 90 days by default for Microsoft 365 E3 licenses and up to one year for E5 licenses.

Link Permissions from PowerShell Show Duplicate Entries

When you use the Graph API or SharePoint Online Management Shell, a single sharing link may appear multiple times if it has been modified. Each modification creates a new version of the link permission object. Filter by the id property of the link to get unique entries. The most recent lastModifiedDateTime indicates the current state of the link.

Permission Report vs Link Access: What Each Method Reveals

| Item | OneDrive Permission Report | Manage Access Panel / Graph API |
| --- | --- | --- |
| Scope of access shown | Explicit user and group permissions only | Both explicit permissions and all sharing links |
| Historical activity | No historical data, only current state | Current state for links; audit log provides history |
| Anonymous access detection | Does not detect anonymous access | Shows anonymous links with scope set to “anonymous” |
| Expiration and password info | Not available | Shows expiration date, password requirement, and link type |
| Exportability | Exportable via CSV from SharePoint Admin Center | No native export; requires Graph API or PowerShell scripting |

The permission report is best for a quick check of who has direct access. The Manage Access panel and Graph API are necessary for a complete security audit that includes link-based sharing. For compliance audits, always use both the permission report and the audit log to cover all access paths.

You now understand that the OneDrive permission report intentionally excludes link access and how to retrieve that data separately. Start by checking the Manage Access panel for any file that concerns you. For broader audits, use the Microsoft Graph API to collect all permissions including links. As an advanced step, set up a scheduled PowerShell script that calls the Graph API weekly and compares the link permissions list against your organization’s sharing policy to detect links that violate expiration or scope rules.
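
The link filter from step 3 of Method 2 and the policy comparison suggested above, combined in one added example that is not part of the original article. The function name `Get-LinkPolicyViolation`, the policy values (allowed scopes, 30-day maximum lifetime), and the sample response are assumptions constructed for illustration; in a live audit `$permissions` would come from the permissions endpoint instead of the embedded JSON.

```powershell
# Constructed sample shaped like the "value" array from
# GET /users/{user-id}/drive/items/{item-id}/permissions (all values made up).
$sampleJson = @'
{ "value": [
  { "id": "perm-1", "roles": ["write"],
    "grantedToV2": { "user": { "displayName": "Alex Example" } } },
  { "id": "link-1", "roles": ["read"],
    "link": { "type": "view", "scope": "anonymous" } },
  { "id": "link-2", "roles": ["write"], "expirationDateTime": "2031-01-01T00:00:00Z",
    "link": { "type": "edit", "scope": "organization" } },
  { "id": "link-3", "roles": ["read"], "expirationDateTime": "2030-01-10T00:00:00Z",
    "link": { "type": "view", "scope": "users" } }
] }
'@

function Get-LinkPolicyViolation {   # hypothetical helper, not a Microsoft cmdlet
    param(
        [Parameter(Mandatory)] [object[]] $Permission,
        [string[]] $AllowedScope = @('users', 'organization'),  # assumed policy
        [int] $MaxLifetimeDays = 30,                             # assumed policy
        [datetime] $AsOf = (Get-Date)
    )
    $now = $AsOf.ToUniversalTime()
    # Objects with a link property are sharing links; the rest are explicit grants.
    $links = $Permission | Where-Object { $null -ne $_.link }
    foreach ($p in $links) {
        $reasons = @()
        if ($p.link.scope -notin $AllowedScope) {
            $reasons += "scope '$($p.link.scope)' not allowed"
        }
        if (-not $p.expirationDateTime) {
            $reasons += 'no expiration date'
        } else {
            # Cast handles both string (PowerShell 5.1) and DateTime (PowerShell 7) values.
            $expires = ([datetime]$p.expirationDateTime).ToUniversalTime()
            if ($expires -gt $now.AddDays($MaxLifetimeDays)) {
                $reasons += "expires more than $MaxLifetimeDays days out"
            }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Id = $p.id; Scope = $p.link.scope
                               Type = $p.link.type; Reasons = $reasons -join '; ' }
        }
    }
}

$permissions = ($sampleJson | ConvertFrom-Json).value
Get-LinkPolicyViolation -Permission $permissions -AsOf ([datetime]'2030-01-01T00:00:00Z') |
    Format-Table -AutoSize
```

The explicit grant `perm-1` is skipped because it has no `link` property, which is the same gap the permission report leaves in the other direction.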