# Access Information for SharePoint KBAs

For SharePoint Knowledge Bases (KBs), it is crucial to retrieve the associated permissions for each file, allowing their usage within our Access Control List (ACL) system. Presently, we can access permissions for files, and site pages. For site pages, we support only permissions on the site level (not per site page) whereas for files we support permissions per file.

To accomplish this task, we utilize during the ingestion of the KBs the **Microsoft Graph API** with the following endpoint: **MS\_GRAPH\_URL/drives/driveid/items/itemid/permissions**. This API allows us to retrieve permissions associated with a particular file, and these permissions can fall into one of three categories:

1. Group
2. SiteGroup
3. User

By utilizing the Microsoft Graph API in this manner, we can effectively access and manage permissions for files and site pages, enabling a fine-grained control over who can access the file/site page, based on these three distinct permission types.

The resulting JSON will include the following key tags:

1. global:siteGroups
2. global:users
3. global:groups

```
{
  "tags": [
    "global:siteGroups=aicompliancechatbotdatarepository-5,aicompliancechatbotdatarepository-4,aicompliancechatbotdatarepository-3",
    "global:users=145f3684-ce2a-453d-af8a-12dcd139d311,42259589-439a-42b4-8bb2-757d61378917",
    "global:groups=group1,group2",
    "global:country=Brazil",
    "global:language=pt"
  ]
}
```

These tags are intended to be utilized by the Access Control List (ACL) system in conjunction with the information obtained from the user's profile who is attempting to access them. The JSON structure will help facilitate access control for site groups, users, and groups in a comprehensive manner, incorporating data from both the SharePoint site and the user's profile to determine access rights and restrictions.

### How to Setup Permission Ingestion <a href="#how-to-setup-permissions-ingestion" id="how-to-setup-permissions-ingestion"></a>

To enable the file permissions, as previously described, you must define two fields in the **Knowledge Article Fields** section. These fields will be integral to the process of managing and integrating permissions within the user profiles, ensuring that the system can effectively store and utilize the necessary information for access control.

In a Sharepoint KB Datasource press the **new Field Mapping** button and add the 2 following mappings

1. Field **TagKey** and Sharepoint Field **keys**
2. Field **TagValue** and Sharepoint Field **values**

<figure><img src="/files/sutS7YQ4QDWEAIkVTfXl" alt=""><figcaption><p>SharePoint TagKey and TagValue</p></figcaption></figure>

### How to add custom TagKey and TagValue <a href="#how-to-add-custom-tagkey-and-tagvalue" id="how-to-add-custom-tagkey-and-tagvalue"></a>

To incorporate additional custom **TagKey/TagValue** pairs, you have the option to define a JavaScript function within the configuration, specifically in the **custom script** input text box.&#x20;

The JavaScript snippet below allows you to add new pairs, such as **country** TagKey with a **Brazil** TagValue. This new pair will become a distinct element within the JSON structure under the tags array, as **global:country=Brazil** . This flexibility allows for the dynamic expansion of custom tagging and metadata associated with the data in the JSON representation.

```
function transform(jsonObject) {
    var JSONParser = Java.type('org.json.simple.parser.JSONParser');
    var JSONArray = Java.type('org.json.simple.JSONArray');
    var JSONObject = Java.type('org.json.simple.JSONObject');
    var parser = new JSONParser();
    var keysList = parser.parse(jsonObject.keys);
    keysList.add("country");
    jsonObject.keys = keysList;
    var parser = new JSONParser();
    var valuesList = parser.parse(jsonObject.values);
    valuesList.add("Brazil");
    jsonObject.values = valuesList;
    return jsonObject;
} 
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.aisera.com/aisera-platform/adding-data-to-your-tenant/content-access-control/access-information-for-sharepoint-kbas.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.