diff --git a/changelog/unreleased/drive-permissions.md b/changelog/unreleased/drive-permissions.md
new file mode 100644
index 0000000000..f3495ec0b8
--- /dev/null
+++ b/changelog/unreleased/drive-permissions.md
@@ -0,0 +1,6 @@
+Enhancement: Add permissions to graph drives
+
+Added permissions to graph drives when listing drives.
+
+https://github.com/owncloud/ocis/pull/3095
+
diff --git a/go.mod b/go.mod
index cede9d5a37..cfca997956 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.18.1
-	github.com/owncloud/libre-graph-api-go v0.9.0
+	github.com/owncloud/libre-graph-api-go v0.10.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.12.1
 	github.com/rs/zerolog v1.26.1
@@ -232,7 +232,7 @@ require (
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.19.1 // indirect
 	golang.org/x/mod v0.5.1 // indirect
-	golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
 	golang.org/x/text v0.3.7 // indirect
diff --git a/go.sum b/go.sum
index b9291fedd0..2e89f0818d 100644
--- a/go.sum
+++ b/go.sum
@@ -1100,8 +1100,8 @@ github.com/orcaman/concurrent-map v0.0.0-20210501183033-44dafcb38ecc/go.mod h1:L
 github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HDbW65HOY=
 github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
 github.com/ovh/go-ovh v1.1.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA=
-github.com/owncloud/libre-graph-api-go v0.9.0 h1:hMgjztJRCe1kRYqZ+w0paMFFzeUUpBX2o1TPNMNTmdU=
-github.com/owncloud/libre-graph-api-go v0.9.0/go.mod h1:579sFrPP7aP24LZXGPopLfvE+hAka/2DYHk0+Ij+w+U=
+github.com/owncloud/libre-graph-api-go v0.10.0 h1:4PPA7MBbf9du04WOty4jayyjLfs9C4Ei5rokhSoy1Bw=
+github.com/owncloud/libre-graph-api-go v0.10.0/go.mod h1:579sFrPP7aP24LZXGPopLfvE+hAka/2DYHk0+Ij+w+U=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -1609,8 +1609,9 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
diff --git a/graph/pkg/service/v0/drives.go b/graph/pkg/service/v0/drives.go
index 9ced480f42..363dde55d1 100644
--- a/graph/pkg/service/v0/drives.go
+++ b/graph/pkg/service/v0/drives.go
@@ -215,7 +215,7 @@ func (g Graph) CreateDrive(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	newDrive, err := cs3StorageSpaceToDrive(wdu, resp.StorageSpace)
+	newDrive, err := g.cs3StorageSpaceToDrive(wdu, resp.StorageSpace)
 	if err != nil {
 		g.logger.Error().Err(err).Msg("error parsing space")
 		errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
@@ -325,7 +325,7 @@ func (g Graph) UpdateDrive(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	updatedDrive, err := cs3StorageSpaceToDrive(wdu, resp.StorageSpace)
+	updatedDrive, err := g.cs3StorageSpaceToDrive(wdu, resp.StorageSpace)
 	if err != nil {
 		g.logger.Error().Err(err).Msg("error parsing space")
 		errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
@@ -339,7 +339,7 @@ func (g Graph) UpdateDrive(w http.ResponseWriter, r *http.Request) {
 func (g Graph) formatDrives(ctx context.Context, baseURL *url.URL, mds []*storageprovider.StorageSpace) ([]*libregraph.Drive, error) {
 	responses := make([]*libregraph.Drive, 0, len(mds))
 	for _, space := range mds {
-		res, err := cs3StorageSpaceToDrive(baseURL, space)
+		res, err := g.cs3StorageSpaceToDrive(baseURL, space)
 		if err != nil {
 			return nil, err
 		}
@@ -417,13 +417,69 @@ func (g Graph) ListStorageSpacesWithFilters(ctx context.Context, filters []*stor
 	return res, err
 }
 
-func cs3StorageSpaceToDrive(baseURL *url.URL, space *storageprovider.StorageSpace) (*libregraph.Drive, error) {
+func (g Graph) cs3StorageSpaceToDrive(baseURL *url.URL, space *storageprovider.StorageSpace) (*libregraph.Drive, error) {
 	rootID := space.Root.StorageId + "!" + space.Root.OpaqueId
 	if space.Root.StorageId == space.Root.OpaqueId {
 		// omit opaqueid
 		rootID = space.Root.StorageId
 	}
 
+	var permissions []libregraph.Permission
+	if space.Opaque != nil {
+		var m map[string]*storageprovider.ResourcePermissions
+		entry, ok := space.Opaque.Map["grants"]
+		if ok {
+			err := json.Unmarshal(entry.Value, &m)
+			if err != nil {
+				g.logger.Error().
+					Err(err).
+					Str("space", space.Root.OpaqueId).
+					Msg("failed to read spaces grants")
+			}
+		}
+		if len(m) != 0 {
+			managerIdentities := []libregraph.IdentitySet{}
+			editorIdentities := []libregraph.IdentitySet{}
+			viewerIdentities := []libregraph.IdentitySet{}
+
+			for id, perm := range m {
+				// This temporary variable is necessary since we need to pass a pointer to the
+				// libregraph.Identity and if we pass the pointer from the loop every identity
+				// will have the same id.
+				tmp := id
+				identity := libregraph.IdentitySet{User: &libregraph.Identity{Id: &tmp}}
+				switch {
+				case perm.AddGrant:
+					managerIdentities = append(managerIdentities, identity)
+				case perm.InitiateFileUpload:
+					editorIdentities = append(editorIdentities, identity)
+				case perm.Stat:
+					viewerIdentities = append(viewerIdentities, identity)
+				}
+			}
+
+			permissions = make([]libregraph.Permission, 0, 3)
+			if len(managerIdentities) != 0 {
+				permissions = append(permissions, libregraph.Permission{
+					GrantedTo: managerIdentities,
+					Roles:     []string{"manager"},
+				})
+			}
+			if len(editorIdentities) != 0 {
+				permissions = append(permissions, libregraph.Permission{
+					GrantedTo: editorIdentities,
+					Roles:     []string{"editor"},
+				})
+			}
+			if len(viewerIdentities) != 0 {
+				permissions = append(permissions, libregraph.Permission{
+					GrantedTo: viewerIdentities,
+					Roles:     []string{"viewer"},
+				})
+			}
+		}
+	}
+
 	drive := &libregraph.Drive{
 		Id:   &rootID,
 		Name: &space.Name,
@@ -431,7 +487,8 @@ func cs3StorageSpaceToDrive(baseURL *url.URL, space *storageprovider.StorageSpac
 		//"description": "string", // TODO read from StorageSpace ... needs Opaque for now
 		DriveType: &space.SpaceType,
 		Root: &libregraph.DriveItem{
-			Id: &rootID,
+			Id:          &rootID,
+			Permissions: permissions,
 		},
 	}