Microsoft OneNote Connection Details

Introduction

Connector Version

This documentation is based on version 25.0.9368 of the connector.

Get Started

Microsoft OneNote Version Support

All hosted versions of Microsoft OneNote are supported via the Microsoft Graph API v1.0. Includes information accessible from a user's OneNote notebooks, sections, and pages in a personal or organization account.

Establish a Connection

Connect to Microsoft OneNote

There are two authentication methods available for connecting to Microsoft OneNote data sources:

• OAuth 2.0-based methods: Microsoft OneNote provides OAuth 2.0-based authentication via Microsoft Entra ID.
  • For Microsoft Entra ID authentication, set AuthScheme to Microsoft Entra ID.
• Managed Service Identity (MSI) authentication. To use this method, set AuthScheme to AzureMSI.

The following subsections describe each authentication method in detail.

Entra ID (Microsoft Entra ID)

Microsoft Entra ID is a multi-tenant, cloud-based identity and access management platform. It supports OAuth-based authentication flows that enable the driver to access Microsoft OneNote endpoints securely.

Authentication to Entra ID via a web application always requires that you first create and register a custom OAuth application. This enables your application to define its own redirect URI, manage credential scope, and comply with organization-specific security policies.

For full instructions on how to create and register a custom OAuth application, see Creating a Custom Authentication App.

After setting AuthScheme to Microsoft Entra ID, the steps to authenticate vary, depending on the environment. For details on how to connect from desktop applications, web-based workflows, or headless systems, see the following sections..

Desktop Applications

You can authenticate from a desktop application using either the driver's embedded OAuth application or a custom OAuth application registered in Microsoft Entra ID.

Option 1: Use the Embedded OAuth Application

This is a pre-registered application, included with the driver. It simplifies setup and eliminates the need to register your own credentials and is ideal for development environments, single-user tools, or any setup where quick and easy authentication is preferred.

Set the following connection properties:

• AuthScheme: Microsoft Entra ID
• InitiateOAuth:
  • GETANDREFRESH – Use for the initial login. Launches the login page and saves tokens.
  • REFRESH – Use this setting when you have already obtained valid access and refresh tokens. Reuses stored tokens without prompting the user again.

When you connect, the driver opens the Microsoft Entra sign-in page in your default browser. After signing in and granting access, the driver retrieves the access and refresh tokens and saves them to the path specified by OAuthSettingsLocation.

Option 2: Use a Custom OAuth Application

If your organization requires more control, such as managing security policies, redirect URIs, or application branding, you can instead register a custom OAuth application in Microsoft Entra ID and provide its values during connection.

During registration, record the following values:

• OAuthClientId: The client ID that was generated when you registered your custom OAuth application.
• OAuthClientSecret: The client secret that was that was generated when you registered your custom OAuth application.
• CallbackURL: A redirect URI you defined during application registration.

For full instructions on how to register a custom OAuth application and configure redirect URIs, see Creating a Custom Authentication App.

Set the following connection properties:

• AuthScheme: Microsoft Entra ID
• InitiateOAuth:
  • GETANDREFRESH – Use for the initial login. Launches the login page and saves tokens.
  • REFRESH – Use this setting when you have already obtained valid access and refresh tokens. Reuses stored tokens without prompting the user again.
• OAuthClientId: The client ID that was generated when you registered your custom OAuth application.
• OAuthClientSecret: The client secret that was generated when you registered your custom OAuth application.
• CallbackURL: A redirect URI you defined during application registration.

After authentication, tokens are saved to OAuthSettingsLocation. These values persist across sessions and are used to automatically refresh the access token when it expires, so you don't need to log in again on future connections.

Managed Service Identity (MSI)

If you are running Microsoft OneNote on an Azure VM and want to automatically obtain Managed Service Identity (MSI) credentials to connect, set AuthScheme to AzureMSI.

User-Managed Identities

To obtain a token for a managed identity, use the OAuthClientId property to specify the managed identity's client_id.

If your VM has multiple user-assigned managed identities, you must also specify OAuthClientId.

Create an Entra ID (Microsoft Entra ID) Application

Create an Entra ID (Microsoft Entra ID) Application

Microsoft OneNote supports OAuth-based authentication using Microsoft Entra ID. If you will connect via a web application and want to authenticate via Entra ID, you must first register a custom OAuth application in the Entra Admin Center, as described below.

If you will connect via a desktop application or headless machine, you can authenticate using Microsoft OneNote's built-in embedded application credentials, which use branding. However, custom OAuth applications are also compatible with desktop and headless authentication flows, and may be preferable for production deployments or environments requiring strict policy control.

Register the Application

To register an OAuth application in Microsoft Entra ID, follow these steps:

1. Go to https://portal.azure.com.

2. In the left-hand navigation pane, select Microsoft Entra ID > App registrations.

3. Click New registration.

4. Enter a name for the application.

5. Specify the types of accounts this application should support:

   • For private-use applications, select Accounts in this organization directory only.
   • For distributed applications, select one of the multi-tenant options.

   Note

   If you select Accounts in this organizational directory only, when you connect with Microsoft OneNote connector, you must set AzureTenant to the tenant's ID (either GUID or verified domain). Otherwise, authentication will fail.

6. Set the redirect URI to http://localhost:33333 (default), or use another URI appropriate for your deployment.

   When using a custom redirect URI set a CallbackURL connection property; in those cases, set it to match this URI exactly.

7. Click Register. The application management screen opens. Record these values for later use:

   • Application (client) ID is used for OAuthClientId
   • Directory (tenant) ID is used for AzureTenant

8. Go to Certificates & Secrets. Click New Client Secret, set the desired expiration, and save the generated value. This value will only be shown once — record it to use with OAuthClientSecret.

9. Select the Microsoft Graph API, and the following delegated permissions allow access to the full functionality of the driver:

   • Read and write all Notebooks, Sections, SectionGroups and Pages.
   • Read all users.
   • Read all groups.

10. To confirm, click Add permissions.

Create an Entra ID (Microsoft Entra ID) Application

Microsoft OneNote supports OAuth-based authentication using Microsoft Entra ID. If you will connect via a web application and want to authenticate via Entra ID, you must first register a custom OAuth application in the Entra Admin Center, as described below.

If you will connect via a desktop application or headless machine, you can authenticate using Microsoft OneNote's built-in embedded application credentials, which use branding. However, custom OAuth applications are also compatible with desktop and headless authentication flows, and may be preferable for production deployments or environments requiring strict policy control.

Register the Application

To register an OAuth application in Microsoft Entra ID, follow these steps:

1. Go to https://portal.azure.com.

2. In the left-hand navigation pane, select Microsoft Entra ID > App registrations.

3. Click New registration.

4. Enter a name for the application.

5. Specify the types of accounts this application should support:

   • For private-use applications, select Accounts in this organization directory only.
   • For distributed applications, select one of the multi-tenant options.

   Note

   If you select Accounts in this organizational directory only, when you connect with Microsoft OneNote connector, you must set AzureTenant to the tenant's ID (either GUID or verified domain). Otherwise, authentication will fail.

6. Set the redirect URI to http://localhost:33333 (default), or use another URI appropriate for your deployment.

   When using a custom redirect URI set a CallbackURL connection property; in those cases, set it to match this URI exactly.

7. Click Register. The application management screen opens. Record these values for later use:

   • Application (client) ID is used for OAuthClientId
   • Directory (tenant) ID is used for AzureTenant

8. Go to Certificates & Secrets. Click New Client Secret, set the desired expiration, and save the generated value. This value will only be shown once — record it to use with OAuthClientSecret.

9. Select the Microsoft Graph API, and the following delegated permissions allow access to the full functionality of the driver:

   • Read and write all Notebooks, Sections, SectionGroups and Pages.
   • Read all users.
   • Read all groups.

10. To confirm, click Add permissions.

Administrative Tasks

The Microsoft OneNote connector can be used to perform administrative tasks. This can be done by specifying the UserId column to execute CUD operations.

The UserId Column

Many tables expose a special UserId column. This is designed to be used by an administrator to modify records on another user's account. If you are not an administrator or do not desire this behavior, do not specify the UserId when performing an INSERT / UPDATE / DELETE operation. For instance, executing the following will insert a notebook for another user:

INSERT INTO Notebooks (displayName, UserId) VALUES ('Test Notebook', '12345')

The above request will have the overall effect of attempting to add a notebook under the resource at /users/12345/notebooks. When UserId is not specified, the resources affected will instead be modified under /users/me/notebooks. In general if you are not an administrator, you can only affect or view records under /users/me, so it is not recommended to set UserId when you are not an admin.

Important Notes

Configuration Files and Their Paths

• All references to adding configuration files and their paths refer to files and locations on the Jitterbit agent where the connector is installed. These paths are to be adjusted as appropriate depending on the agent and the operating system. If multiple agents are used in an agent group, identical files will be required on each agent.

Advanced Features

This section details a selection of advanced features of the Microsoft OneNote connector.

User Defined Views

The connector supports the use of user defined views, virtual tables whose contents are decided by a pre-configured user defined query. These views are useful when you cannot directly control queries being issued to the drivers. For an overview of creating and configuring custom views, see User Defined Views.

SSL Configuration

Use SSL Configuration to adjust how connector handles TLS/SSL certificate negotiations. You can choose from various certificate formats. For further information, see the SSLServerCert property under "Connection String Options".

Proxy

To configure the connector using private agent proxy settings, select the Use Proxy Settings checkbox on the connection configuration screen.

Query Processing

The connector offloads as much of the SELECT statement processing as possible to Microsoft OneNote and then processes the rest of the query in memory (client-side).

For further information, see Query Processing.

Log

For an overview of configuration settings that can be used to refine logging, see Logging. Only two connection properties are required for basic logging, but there are numerous features that support more refined logging, which enables you to use the LogModules connection property to specify subsets of information to be logged.

User Defined Views

The Microsoft OneNote connector supports the use of user defined views: user-defined virtual tables whose contents are decided by a preconfigured query. User defined views are useful in situations where you cannot directly control the query being issued to the driver; for example, when using the driver from Jitterbit.

Use a user defined view to define predicates that are always applied. If you specify additional predicates in the query to the view, they are combined with the query already defined as part of the view.

There are two ways to create user defined views:

• Create a JSON-formatted configuration file defining the views you want.
• DDL statements.

Define Views Using a Configuration File

User defined views are defined in a JSON-formatted configuration file called UserDefinedViews.json. The connector automatically detects the views specified in this file.

You can also have multiple view definitions and control them using the UserDefinedViews connection property. When you use this property, only the specified views are seen by the connector.

This user defined view configuration file is formatted so that each root element defines the name of a view, and includes a child element, called query, which contains the custom SQL query for the view.

For example:

{
    "MyView": {
        "query": "SELECT * FROM Notebooks WHERE MyColumn = 'value'"
    },
    "MyView2": {
        "query": "SELECT * FROM MyTable WHERE Id IN (1,2,3)"
    }
}

Use the UserDefinedViews connection property to specify the location of your JSON configuration file. For example:

"UserDefinedViews", "C:\Users\yourusername\Desktop\tmp\UserDefinedViews.json"

Define Views Using DDL Statements

The connector is also capable of creating and altering the schema via DDL Statements such as CREATE LOCAL VIEW, ALTER LOCAL VIEW, and DROP LOCAL VIEW.

Create a View

To create a new view using DDL statements, provide the view name and query as follows:

CREATE LOCAL VIEW [MyViewName] AS SELECT * FROM Customers LIMIT 20;

If no JSON file exists, the above code creates one. The view is then created in the JSON configuration file and is now discoverable. The JSON file location is specified by the UserDefinedViews connection property.

Alter a View

To alter an existing view, provide the name of an existing view alongside the new query you would like to use instead:

ALTER LOCAL VIEW [MyViewName] AS SELECT * FROM Customers WHERE TimeModified > '3/1/2020';

The view is then updated in the JSON configuration file.

Drop a View

To drop an existing view, provide the name of an existing schema alongside the new query you would like to use instead.

DROP LOCAL VIEW [MyViewName]

This removes the view from the JSON configuration file. It can no longer be queried.

Schema for User Defined Views

In order to avoid a view's name clashing with an actual entity in the data model, user defined views are exposed in the UserViews schema by default. To change the name of the schema used for UserViews, reset the UserViewsSchemaName property.

Work with User Defined Views

For example, a SQL statement with a user defined view called UserViews.RCustomers only lists customers in Raleigh:

SELECT * FROM Customers WHERE City = 'Raleigh';

An example of a query to the driver:

SELECT * FROM UserViews.RCustomers WHERE Status = 'Active';

Resulting in the effective query to the source:

SELECT * FROM Customers WHERE City = 'Raleigh' AND Status = 'Active';

That is a very simple example of a query to a user defined view that is effectively a combination of the view query and the view definition. It is possible to compose these queries in much more complex patterns. All SQL operations are allowed in both queries and are combined when appropriate.

SSL Configuration

Customize the SSL Configuration

By default, the connector attempts to negotiate TLS with the server. The server certificate is validated against the default system trusted certificate store. You can override how the certificate gets validated using the SSLServerCert connection property.

To specify another certificate, see the SSLServerCert connection property.

Data Model

Overview

This section shows the available API objects and provides more information on executing SQL to Microsoft OneNote APIs.

Key Features

• The connector models Microsoft OneNote entities like users and groups as relational views, entities like notebooks, sections, section groups and pages as relational tables, allowing you to write SQL to query Microsoft OneNote data.
• Stored procedures allow you to execute operations to Microsoft OneNote, including retrieving the access token and keeping it refreshed in OAuth 2.0.
• Live connectivity to these objects means any changes to your Microsoft OneNote account are immediately reflected when using the connector.

Views

Views describes the available views. Views are statically defined to model Users and Groups.

Tables

Tables describes the available tables. Tables are statically defined to model Notebooks, SectionGroups, Sections and Pages.

Stored Procedures

Stored Procedures are function-like interfaces to OneNote. They can be used to search, create, and modify information in OneNote.

Tables

The connector models the data in Microsoft OneNote as a list of tables in a relational database that can be queried using standard SQL statements.

Microsoft OneNote Connector Tables

Notebooks

Retrieves all Notebooks for the authenticated user.

Table Specific Information

Select

Most filters are handled server side, but the specific fields of Id, UserId, GroupId and SiteId will change the endpoint we use to retrieve the data. They must be specified with an '=' or IN condition. For example:

SELECT * FROM Notebooks WHERE Id = '1-56e2fc02-f3dd-4f82-82fb-519bc4807935'
SELECT * FROM Notebooks WHERE Id IN ('1-56e2fc02-f3dd-4f82-82fb-519bc4807935', '1-56e2fc02-f3dd-4f82-fvgf-dfsdf4807935')
SELECT * FROM Notebooks WHERE UserId = '9525a3f1-aa40-4f17-a97b-68606d118adf'
SELECT * FROM Notebooks WHERE GroupId = '044d385d-6ca8-4d81-800d-223124b651db'
SELECT * FROM Notebooks WHERE SiteId = 'rssbuscrm.sharepoint.com,9839b8a3-343a-4064-996a-d2a300bc559f,2b6cda85-3573-4578-ae76-dfdde60c771b'

Insert

The column required to perform an Insert operation on Notebooks table is DisplayName. If the INSERT operation is done on behalf of a group or user then UserId or GroupId should also be specified. The following examples illustrate an Insert operation on Notebooks:

INSERT INTO Notebooks (DisplayName) VALUES ('Getting started')
INSERT INTO Notebooks (DisplayName, UserId) VALUES ('Getting started', '9525a3f1-aa40-4f17-a97b-68606d118adf')
INSERT INTO Notebooks (DisplayName, GroupId) VALUES ('Getting started', '044d385d-6ca8-4d81-800d-223124b651db')

Columns

SectionGroups

Retrieves all SectionGroups accross notebooks for the authenticated user.

Table Specific Information

Select

Most filters are handled server side, but the specific fields of Id, UserId, GroupId, SiteId and ParentNotebookId will change the endpoint we use to retrieve the data. They must be specified with an '=' or IN condition. For example:

SELECT * FROM SectionGroups WHERE Id = '1-56e2fc02-f3dd-4f82-82fb-519bc4807935'
SELECT * FROM SectionGroups WHERE ParentNotebookId = '1-2342423-1234-3424-82fb-519bc4807935'
SELECT * FROM SectionGroups WHERE Id IN ('1-56e2fc02-f3dd-4f82-82fb-519bc4807935', '1-sdcgw3324-f3dd-5678-derf-519bc4807935')
SELECT * FROM SectionGroups WHERE ParentNotebookId IN ('1-56e2fc02-f3dd-4f82-82fb-519bc4807935', '1-sdcgw3324-f3dd-5678-derf-519bc4807935')
SELECT * FROM SectionGroups WHERE UserId = '9525a3f1-aa40-4f17-a97b-68606d118adf'
SELECT * FROM SectionGroups WHERE GroupId = '044d385d-6ca8-4d81-800d-223124b651db'
SELECT * FROM SectionGroups WHERE SiteId = 'cdata0.sharepoint.com,0a40f113-9f39-459d-a22a-9cc88b46f031,dd4add46-e9ed-4ed8-b479-d55d0721bc7f'

Insert

The columns required to perform an Insert operation on SectionGroups table is DisplayName and ParentNotebookId. If the INSERT operation is done on behalf of a group or user then UserId or GroupId should also be specified. The following examples illustrate an Insert operation on SectionGroups:

INSERT INTO SectionGroups (DisplayName, ParentNotebookId) VALUES ('Getting started', '1-5c57790b-73c3-4996-940e-07c3f2157571')
INSERT INTO SectionGroups (DisplayName, ParentNotebookId, UserId) VALUES ('Getting started', '1-5c57790b-73c3-4996-940e-07c3f2157571', '9525a3f1-aa40-4f17-a97b-68606d118adf')
INSERT INTO SectionGroups (DisplayName, ParentNotebookId, GroupId) VALUES ('Getting started', '1-5c57790b-73c3-4996-940e-07c3f2157571', '044d385d-6ca8-4d81-800d-223124b651db')

Columns

Sections

Retrieves all Sections accross notebooks for the authenticated user.

Table Specific Information

Select

Most filters are handled server side, but the specific fields of Id, UserId, GroupId, SiteId, ParentNotebookId and ParentSectionGroupId will change the endpoint we use to retrieve the data. They must be specified with an '=' or IN condition. For example:

SELECT * FROM Sections WHERE Id = '1-56e2fc02-f3dd-4f82-82fb-519bc4807935'
SELECT * FROM Sections WHERE ParentNotebookId = '1-56e2fc02-f3dd-4f82-82fb-519bc4807935'
SELECT * FROM Sections WHERE ParentSectionGroupId = '1-56e2fc02-f3dd-4f82-82fb-519bc4807935'
SELECT * FROM Sections WHERE Id IN ('1-56e2fc02-f3dd-4f82-82fb-519bc4807935', '1-23423-f3dd-rtsd-gfds-4353423fsdf')
SELECT * FROM Sections WHERE ParentNotebookId IN ('1-56e2fc02-f3dd-4f82-82fb-519bc4807935', '1-23423-f3dd-rtsd-gfds-4353423fsdf')
SELECT * FROM Sections WHERE ParentSectionGroupId IN ('1-56e2fc02-f3dd-4f82-82fb-519bc4807935', '1-23423-f3dd-rtsd-gfds-4353423fsdf')
SELECT * FROM Sections WHERE UserId = '9525a3f1-aa40-4f17-a97b-68606d118adf'
SELECT * FROM Sections WHERE GroupId = '044d385d-6ca8-4d81-800d-223124b651db'
SELECT * FROM Sections WHERE SiteId = 'cdata0.sharepoint.com,0a40f113-9f39-459d-a22a-9cc88b46f031,dd4add46-e9ed-4ed8-b479-d55d0721bc7f'

Insert

The columns required to perform an Insert operation on Sections table is DisplayName and ParentNotebookId. If the INSERT operation is done on behalf of a group or user then UserId or GroupId should also be specified. The following examples illustrate an Insert operation on Sections:

INSERT INTO Sections (DisplayName, ParentNotebookId) VALUES ('Getting started', '1-5c57790b-73c3-4996-940e-07c3f2157571')
INSERT INTO Sections (DisplayName, ParentNotebookId, UserId) VALUES ('Getting started', '1-5c57790b-73c3-4996-940e-07c3f2157571', '9525a3f1-aa40-4f17-a97b-68606d118adf')
INSERT INTO Sections (DisplayName, ParentNotebookId, GroupId) VALUES ('Getting started', '1-5c57790b-73c3-4996-940e-07c3f2157571', '044d385d-6ca8-4d81-800d-223124b651db')

Columns

Views

Views are similar to tables in the way that data is represented; however, views are read-only.

Queries can be executed against a view as if it were a normal table.

Microsoft OneNote Connector Views

Groups

Retrieves all Microsoft Entra ID (Microsoft Entra ID) groups, which can be Office 365 groups, or security groups.

Table Specific Information

Groups require Administrator permissions. To work with them, you must create your own custom OAuth App and set the appropriate OAuthClientId and OAuthClientSecret. In this app, you must configure it to request the Group.Read.All permission. This can be done at https://apps.dev.microsoft.com, or in the App Registrations panel at http://portal.azure.com. See Creating a Custom Authentication App for more details on creating a custom app.

To authorize Groups permissions, an administrator must grant the Groups permissions for your organization at large. This can be done via the administrator authorization endpoint. Simply have the administrator navigate to the following web page and grant permissions. Then run the OAuth authorization as normal afterwards.

https://login.microsoftonline.com/common/adminconsent?client_id=[YourClientId]&redirect_uri=http://localhost:33333

Select

Most filters are handled server side, but the specific field of ID will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition. For example:

SELECT * FROM Groups WHERE Id = '616391f0-32d8-4127-8f25-aa55771d6617'
SELECT * FROM Groups WHERE ID IN ('616391f0-32d8-4127-8f25-aa55771d6617', 'dfgd4rw3-5rvg-76hy-tr5t-aa55771d6617')

Columns

Pages

Retrieves all Pages accross notebooks for the authenticated user.

Table Specific Information

Select

Most filters are handled server side, but the specific fields of Id, ParentSectionId, UserId, GroupId or SiteId will change the endpoint we use to retrieve the data. They must be specified with an '=' or IN condition. For example:

SELECT * FROM Pages WHERE Id = '1-e8992fa8e5254df387d062d04e75a6e7!6-e8341f6e-75b1-4811-8bb4-d2069c7f7a2d'
SELECT * FROM Pages WHERE Id IN ('1193-dsdda-9392-4706514c636b', '1193-dsdda-9392-sdfasdw33324')
SELECT * FROM Pages WHERE ParentSectionId = '1-e8341f6e-75b1-4811-8bb4-d2069c7f7a2d'
SELECT * FROM Pages WHERE ParentSectionId = '1-e8341f6e-75b1-4811-8bb4-d2069c7f7a2d' AND UserId = '92dfdfc6-f1d4-4965-9f71-30e4da4fa7fe'
SELECT * FROM Pages WHERE ParentSectionId = '1-e8341f6e-75b1-4811-8bb4-d2069c7f7a2d' AND GroupId = '1772bb5a-f8e9-405d-a90b-eac11b0b9b9a'
SELECT * FROM Pages WHERE GroupId = 'acabe397-8370-4c31-aeb7-2d7ae6b8cda1'
SELECT * FROM Pages WHERE UserId = '92dfdfc6-f1d4-4965-9f71-30e4da4fa7fe'
SELECT * FROM Pages WHERE SiteId = 'cdata0.sharepoint.com,0a40f113-9f39-459d-a22a-9cc88b46f031,dd4add46-e9ed-4ed8-b479-d55d0721bc7f'

Columns

PagesContent

Retrieves the content for the pages

Table Specific Information

Select

Most filters are handled server side, but the specific fields of PageId, UserId, GroupId or SiteId will change the endpoint we use to retrieve the data. They must be specified with an '=' or IN condition. For example:

SELECT * FROM PagesContent WHERE PageId = '1-396658ffc20744bcb716bdd972cc3bfb!1-26d8f808-d809-4df0-a292-d79499d870d'
SELECT * FROM PagesContent where PageId IN ('1-396658ffc20744bcb716bdd972cc3bfb!1-26d8f808-d809-4df0-a292-d79499d870d7', '1-3c0db927dab643d0bbe402f79e6be51f!1-11a54aa2-2105-4d7b-92c3-6e448fbadcc7', '1-a4375ec1f6cd4183ae142bd1fc54859c!1-11a54aa2-2105-4d7b-92c3-6e448fbadcc7')
SELECT * FROM PagesContent WHERE PageId IN (SELECT Id from Pages WHERE UserId = '92dfdfc6-f1d4-4965-9f71-30e4da4fa7fe') AND UserId = '92dfdfc6-f1d4-4965-9f71-30e4da4fa7fe'
SELECT * FROM PagesContent WHERE UserId = '92dfdfc6-f1d4-4965-9f71-30e4da4fa7fe'
SELECT * FROM PagesContent WHERE SiteId = 'cdata0.sharepoint.com,0a40f113-9f39-459d-a22a-9cc88b46f031,dd4add46-e9ed-4ed8-b479-d55d0721bc7f'

Columns

Sites

Retrieves all sites for the authenticated user.

Columns

Users

Retrieves all Microsoft Entra ID user accounts within the authenticated permissions.

Table Specific Information

Users require Administrator permissions. To work with them, you must create your own custom OAuth App and set the appropriate OAuthClientId and OAuthClientSecret. In this app, you must configure it to request the User.Read.All permission. This can be done at https://apps.dev.microsoft.com, or in the App Registrations panel at http://portal.azure.com. See Creating a Custom Authentication App for more details on creating a custom app.

To authorize User permissions, an administrator must grant the Users permissions for your organization at large. This can be done via the administrator authorization endpoint. Simply have the administrator navigate to the following web page and grant permissions. Then run the OAuth authorization as normal afterwards.

https://login.microsoftonline.com/common/adminconsent?client_id=[YourClientId]&redirect_uri=http://localhost:33333

Select

Most filters are handled server side, but the specific field of ID will change the endpoint we use to retrieve the data. It must be specified with an '=' or IN condition. For example:

SELECT * FROM Users WHERE Id = '616391f0-32d8-4127-8f25-aa55771d6617'
SELECT * FROM Users WHERE ID IN ('616391f0-32d8-4127-8f25-aa55771d6617', 'dfgd4rw3-5rvg-76hy-tr5t-aa55771d6617')

Columns

Stored Procedures

Stored procedures are function-like interfaces that extend the functionality of the connector beyond simple SELECT/INSERT operations with Microsoft OneNote.

Stored procedures accept a list of parameters, perform their intended function, and then return any relevant response data from Microsoft OneNote, along with an indication of whether the procedure succeeded or failed.

Microsoft OneNote Connector Stored Procedures

CopyNotebook

Copies a notebook to the Notebooks folder in the destination Documents library. The folder is created if it doesn't exist.

Input

Result Set Columns

CopyPage

Copies a page to a specific section.

Input

Result Set Columns

CopySection

Copies a section to a specific notebook or section group.

Input

Result Set Columns

CreatePage

Creates a new page for the specified section

Stored Procedures Specific Information

Microsoft OneNote allows multiple columns to be used in the Exec query. These columns can typically be used with only = comparison. SectionId and One of either Content or File params are required to execute this procedure. For example:

EXECUTE CreatePage SectionId = '1-8a84fed0-5381-47f3-89bc-cd16f7a4f06d', File = 'C:\\Users\\Dell\\Desktop\\content.html'

Input

Result Set Columns

DownloadDocument

To download the file or image resource object

Input

Result Set Columns

GetAdminConsentURL

Gets the admin consent URL that must be opened separately by an admin of a given domain to grant access to your application. Only needed when using custom OAuth credentials.

Input

Result Set Columns

GetOAuthAccessToken

Gets an authentication token from OneNote.

Input

Result Set Columns

GetOAuthAuthorizationURL

Gets the authorization URL that must be opened separately by the user to grant access to your application. Only needed when developing Web apps. You will request the auth token from this URL.

Input

Result Set Columns

GetPages

The HTML content of the particular Page

Input

Result Set Columns

RefreshOAuthAccessToken

Refreshes the OAuth access token used for authentication with various OneNote services.

Input

Result Set Columns

System Tables

You can query the system tables described in this section to access schema information, information on data source functionality, and batch operation statistics.

Schema Tables

The following tables return database metadata for Microsoft OneNote:

• sys_catalogs: Lists the available databases.
• sys_schemas: Lists the available schemas.
• sys_tables: Lists the available tables and views.
• sys_tablecolumns: Describes the columns of the available tables and views.
• sys_procedures: Describes the available stored procedures.
• sys_procedureparameters: Describes stored procedure parameters.
• sys_keycolumns: Describes the primary and foreign keys.
• sys_indexes: Describes the available indexes.

Data Source Tables

The following tables return information about how to connect to and query the data source:

• sys_connection_props: Returns information on the available connection properties.
• sys_sqlinfo: Describes the SELECT queries that the connector can offload to the data source.

Query Information Tables

The following table returns query statistics for data modification queries:

• sys_identity: Returns information about batch operations or single updates.

sys_catalogs

Lists the available databases.

The following query retrieves all databases determined by the connection string:

SELECT * FROM sys_catalogs

Columns

sys_schemas

Lists the available schemas.

The following query retrieves all available schemas:

SELECT * FROM sys_schemas

Columns

sys_tables

Lists the available tables.

The following query retrieves the available tables and views:

SELECT * FROM sys_tables

Columns

sys_tablecolumns

Describes the columns of the available tables and views.

The following query returns the columns and data types for the Notebooks table:

SELECT ColumnName, DataTypeName FROM sys_tablecolumns WHERE TableName='Notebooks'

Columns

sys_procedures

Lists the available stored procedures.

The following query retrieves the available stored procedures:

SELECT * FROM sys_procedures

Columns

sys_procedureparameters

Describes stored procedure parameters.

The following query returns information about all of the input parameters for the CopyNotebook stored procedure:

SELECT * FROM sys_procedureparameters WHERE ProcedureName = 'CopyNotebook' AND Direction = 1 OR Direction = 2

To include result set columns in addition to the parameters, set the IncludeResultColumns pseudo column to True:

SELECT * FROM sys_procedureparameters WHERE ProcedureName = 'CopyNotebook' AND IncludeResultColumns='True'

Columns

Pseudo-Columns

sys_keycolumns

Describes the primary and foreign keys.

The following query retrieves the primary key for the Notebooks table:

SELECT * FROM sys_keycolumns WHERE IsKey='True' AND TableName='Notebooks'

Columns

sys_foreignkeys

Describes the foreign keys.

The following query retrieves all foreign keys which refer to other tables:

SELECT * FROM sys_foreignkeys WHERE ForeignKeyType = 'FOREIGNKEY_TYPE_IMPORT'

Columns

sys_primarykeys

Describes the primary keys.

The following query retrieves the primary keys from all tables and views:

SELECT * FROM sys_primarykeys

Columns

sys_indexes

Describes the available indexes. By filtering on indexes, you can write more selective queries with faster query response times.

The following query retrieves all indexes that are not primary keys:

SELECT * FROM sys_indexes WHERE IsPrimary='false'

Columns

sys_connection_props

Returns information on the available connection properties and those set in the connection string.

The following query retrieves all connection properties that have been set in the connection string or set through a default value:

SELECT * FROM sys_connection_props WHERE Value <> ''

Columns

sys_sqlinfo

Describes the SELECT query processing that the connector can offload to the data source.

Discovering the Data Source's SELECT Capabilities

Below is an example data set of SQL capabilities. Some aspects of SELECT functionality are returned in a comma-separated list if supported; otherwise, the column contains NO.

The following query retrieves the operators that can be used in the WHERE clause:

SELECT * FROM sys_sqlinfo WHERE Name = 'SUPPORTED_OPERATORS'

Note that individual tables may have different limitations or requirements on the WHERE clause; refer to the Data Model section for more information.

Columns

sys_identity

Returns information about attempted modifications.

The following query retrieves the Ids of the modified rows in a batch operation:

SELECT * FROM sys_identity

Columns

sys_information

Describes the available system information.

The following query retrieves all columns:

SELECT * FROM sys_information

Columns

Data Type Mapping

Data Type Mappings

The connector maps types from the data source to the corresponding data type available in the schema. The table below documents these mappings.

Advanced Configurations Properties

The advanced configurations properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure. Click the links for further details.

Authentication

Connection

Azure Authentication

OAuth

JWT OAuth

SSL

Schema

Miscellaneous

Authentication

This section provides a complete list of authentication properties you can configure.

AuthScheme

Specifies the type of authentication to use when connecting to Microsoft OneNote. If this property is left blank, the default authentication is used.

Possible Values

Microsoft Entra ID, AzureMSI, AzureServicePrincipal, AzureServicePrincipalCert

Data Type

string

Default Value

Microsoft Entra ID

Remarks

• Microsoft Entra ID: Perform Microsoft Entra ID (user-based) OAuth authentication.
• AzureMSI: Automatically obtain Microsoft Entra ID Managed Service Identity credentials when running on an Azure VM.
• AzureServicePrincipal: Authenticate as a Microsoft Entra service principal (role-based, application-based) using a Client Secret.
• AzureServicePrincipalCert: Authenticate as a Microsoft Entra service principal (role-based, application-based) using a Certificate.

For information about creating a custom application to authenticate with Microsoft Entra ID, see Creating a Custom Authentication App.

For information about creating a custom application to authenticate with Microsoft Entra ID Service Principal, see Creating a Service Principal App in Entra ID (Microsoft Entra ID).

• Microsoft Entra ID: Perform Microsoft Entra ID (user-based) OAuth authentication.
• AzureMSI: Automatically obtain Microsoft Entra ID Managed Service Identity credentials when running on an Azure VM.

For information about creating a custom application to authenticate with Microsoft Entra ID, see Creating a Custom Authentication App.

Connection

This section provides a complete list of connection properties you can configure.

IncludeSharePointSites

Whether to retrieve drives for all SharePoint sites when querying Drives view. If 'true' the provider will retrieve all Site IDs recursively and for each of them issue a separate call to get their drives. Therefore, be aware that setting this property to 'true' may decrease performance for the Drives view.

Data Type

bool

Default Value

false

Remarks

This property affects only Drives views.

Azure Authentication

This section provides a complete list of Azure authentication properties you can configure.

AzureTenant

Identifies the Microsoft OneNote tenant being used to access data. Accepts either the tenant's domain name (for example, contoso.onmicrosoft.com) or its directory (tenant) ID.

Data Type

string

Default Value

""

Remarks

A tenant is a digital container for your organization's users and resources, managed through Microsoft Entra ID (formerly Microsoft Entra ID). Each tenant is associated with a unique directory ID, and often with a custom domain (for example, microsoft.com or contoso.onmicrosoft.com).

You can locate the directory (tenant) ID in the Microsoft Entra admin center by navigating to Microsoft Entra ID > Properties and copying the value labeled "Directory (tenant) ID".

This property is required in the following cases:

• When AuthScheme is set to AzureServicePrincipal or AzureServicePrincipalCert
• When AuthScheme is Microsoft Entra ID and the user account belongs to multiple tenants

You can provide the tenant value in one of two formats:

• A domain name (for example, contoso.onmicrosoft.com)
• A directory (tenant) ID in GUID format (for example, c9d7b8e4-1234-4f90-bc1a-2a28e0f9e9e0)

Specifying the tenant explicitly ensures that the authentication request is routed to the correct directory, which is especially important when a user belongs to multiple tenants or when using service principal–based authentication.

If this value is omitted when required, authentication may fail or connect to the wrong tenant. This can result in errors such as unauthorized or resource not found.

AzureEnvironment

Specifies the Azure network environment to which you will connect. Must be the same network to which your Azure account was added.

Possible Values

GLOBAL, CHINA, USGOVT, USGOVTDOD

Data Type

string

Default Value

GLOBAL

Remarks

Required if your Azure account is part of a different network than the Global network, such as China, USGOVT, or USGOVTDOD.

OAuth

This section provides a complete list of OAuth properties you can configure.

InitiateOAuth

Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working.

Possible Values

OFF, REFRESH, GETANDREFRESH

Data Type

string

Default Value

OFF

Remarks

OAuth is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. The OAuth flow defines the method to be used for logging in users, exchanging their credentials for an OAuth access token to be used for authentication, and providing limited access to applications.

Microsoft OneNote supports the following options for initiating OAuth access:

1. OFF: No automatic OAuth flow initiation. The OAuth flow is handled entirely by the user, who will take action to obtain their OAuthAccessToken. Note that with this setting the user must refresh the token manually and reconnect with an updated OAuthAccessToken property when the current token expires.
2. GETANDREFRESH: The OAuth flow is handled entirely by the connector. If a token already exists, it is refreshed when necessary. If no token currently exists, it will be obtained by prompting the user to login.
3. REFRESH: The user handles obtaining the OAuth Access Token and sets up the sequence for refreshing the OAuth Access Token. (The user is never prompted to log in to authenticate. After the user logs in, the connector handles the refresh of the OAuth Access Token.

OAuthClientId

Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication.

Data Type

string

Default Value

""

Remarks

This property is required when using a custom OAuth application, such as in web-based authentication flows, service-based authentication, or certificate-based flows that require application registration. It is also required if an embedded OAuth application is not available for the driver. When an embedded OAuth application is available, this value may already be provided by the connector and not require manual entry.

This value is generally used alongside other OAuth-related properties such as OAuthClientSecret and OAuthSettingsLocation when configuring an authenticated connection.

OAuthClientId is one of the key connection parameters that need to be set before users can authenticate via OAuth. You can typically find this value in your identity provider’s application registration settings. Look for a field labeled Client ID, Application ID, or Consumer Key.

While the client ID is not considered a confidential value like a client secret, it is still part of your application's identity and should be handled carefully. Avoid exposing it in public repositories or shared configuration files.

OAuthClientSecret

Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server.

Data Type

string

Default Value

""

Remarks

This property is required when using a custom OAuth application in any flow that requires secure client authentication, such as web-based OAuth, service-based connections, or certificate-based authorization flows. It is not required when using an embedded OAuth application.

The client secret is used during the token exchange step of the OAuth flow, when the driver requests an access token from the authorization server. If this value is missing or incorrect, authentication will fail, and the server may return an invalid_client or unauthorized_client error.

OAuthClientSecret is one of the key connection parameters that need to be set before users can authenticate via OAuth. You can obtain this value from your identity provider when registering the OAuth application. It may be referred to as the client secret, application secret, or consumer secret.

This value should be stored securely and never exposed in public repositories, scripts, or unsecured environments. Client secrets may also expire after a set period. Be sure to monitor expiration dates and rotate secrets as needed to maintain uninterrupted access.

OAuthAccessToken

Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange.

Data Type

string

Default Value

""

Remarks

The OAuthAccessToken is a temporary credential that authorizes access to protected resources. It is typically returned by the identity provider after the user or client application completes an OAuth authentication flow. This property is most commonly used in automated workflows or custom OAuth implementations where you want to manage token handling outside of the driver.

The OAuth access token has a server-dependent timeout, limiting user access. This is set using the OAuthExpiresIn property. However, it can be reissued between requests to keep access alive as long as the user keeps working.

If InitiateOAuth is set to REFRESH, we recommend that you also set both OAuthExpiresIn and OAuthTokenTimestamp. The connector uses these properties to determine when the token expires so it can refresh most efficiently. If OAuthExpiresIn and OAuthTokenTimestamp are not specified, the connector refreshes the token immediately.

Access tokens should be treated as sensitive credentials and stored securely. Avoid exposing them in logs, scripts, or configuration files that are not access-controlled.

OAuthSettingsLocation

Specifies the location of the settings file where OAuth values are saved. Storing OAuth settings in a central location avoids the need for users to enter OAuth connection properties manually each time they log in. It also enables credentials to be shared across connections or processes.

Data Type

string

Default Value

%APPDATA%\OneNote Data Provider\OAuthSettings.txt

Remarks

You can store OAuth values in a central file for shared access to those values, in either of the following ways:

• Set InitiateOAuth to either GETANDREFRESH or REFRESH and specify a filepath to the OAuth settings file.
• Use memory storage to load the credentials into static memory.

The following sections provide more detail on each of these methods.

Specifying the OAuthSettingsLocation Filepath

The default OAuth setting location is %APPDATA%\OneNote Data Provider\OAuthSettings.txt, with %APPDATA% set to the user's configuration directory.

Default values vary, depending on the user's operating system.

• Windows (ODBC and Power BI): registry://%DSN%
• Windows: %APPDATA%OneNote Data Provider\OAuthSettings.txt
• Mac: %APPDATA%//OneNote Data Provider/OAuthSettings.txt
• Linux: %APPDATA%//OneNote Data Provider/OAuthSettings.txt

Loading Credentials Via Memory Storage

Memory locations are specified by using a value starting with memory://, followed by a unique identifier for that set of credentials (for example, memory://user1). The identifier can be anything you choose, but it should be unique to the user.

Unlike file-based storage, where credentials persist across connections, memory storage loads the credentials into static memory and the credentials are shared between connections using the same identifier for the life of the process. To persist credentials outside the current process, you must manually store the credentials prior to closing the connection. This enables you to set them in the connection when the process is started again.

To retrieve OAuth property values, query the sys_connection_props system table. If there are multiple connections using the same credentials, the properties are read from the previously closed connection.

Supported Storage Types

• memory://: Stores OAuth tokens in-memory (unique identifier, shared within same process, etc.)
• registry://: Only supported in the Windows ODBC and Power BI editions. Stores OAuth tokens in the registry under the DSN settings. Must end in a DSN name like registry://Microsoft OneNote connector Data Source, or registry://%DSN%.
• %DSN%: The name of the DSN you are connecting with.
• Default (no prefix): Stores OAuth tokens within files. The value can be either an absolute path, or a path starting with %APPDATA% or %PROGRAMFILES%.

CallbackURL

Identifies the URL users return to after authenticating to Microsoft OneNote via OAuth. (Custom OAuth applications only.).

Data Type

string

Default Value

""

Remarks

If you created a custom OAuth application, the OAuth authorization server redirects the user to this URL during the authentication process. This value must match the callback URL you specified when you Configured the custom OAuth application.

Scope

Specifies the scope of the authenticating user's access to the application. Generally specified at the time the custom OAuth application is created (if necessary), so that the authenticating user can obtain the the level of access appropriate to their credentials.

Data Type

string

Default Value

""

Remarks

Scopes are set to define what kind of access the authenticating user will have; for example, read, read and write, restricted access to sensitive information. System administrators can use scopes to selectively enable access by functionality or security clearance.

When InitiateOAuth is set to GETANDREFRESH, you must use this property if you want to change which scopes are requested. When InitiateOAuth is set to either REFRESH or OFF, you can use either this property or the Scope input to change which scopes are requested.

OAuthVerifier

Specifies a verifier code returned from the OAuthAuthorizationURL. Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set.

Data Type

string

Default Value

""

OAuthRefreshToken

Specifies the OAuth refresh token used to request a new access token after the original has expired.

Data Type

string

Default Value

""

Remarks

The refresh token is used to obtain a new access token when the current one expires. It enables seamless authentication for long-running or automated workflows without requiring the user to log in again. This property is especially important in headless, CI/CD, or server-based environments where interactive authentication is not possible.

The refresh token is typically obtained during the initial OAuth exchange by calling the GetOAuthAccessToken stored procedure. After that, it can be set using this property to enable automatic token refresh, or passed to the RefreshOAuthAccessToken stored procedure if you prefer to manage the refresh manually.

When InitiateOAuth is set to REFRESH, the driver uses this token to retrieve a new access token automatically. After the first refresh, the driver saves updated tokens in the location defined by OAuthSettingsLocation, and uses those values for subsequent connections.

The OAuthRefreshToken should be handled securely and stored in a trusted location. Like access tokens, refresh tokens can expire or be revoked depending on the identity provider’s policies.

OAuthExpiresIn

Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working.

Data Type

string

Default Value

""

Remarks

The OAuth Access Token is assigned to an authenticated user, granting that user access to the network for a specified period of time. The access token is used in place of the user's login ID and password, which stay on the server.

An access token created by the server is only valid for a limited time. OAuthExpiresIn is the number of seconds the token is valid from when it was created. For example, a token generated at 2024-01-29 20:00:00 UTC that expires at 2024-01-29 21:00:00 UTC (an hour later) would have an OAuthExpiresIn value of 3600, no matter what the current time is.

To determine how long the user has before the Access Token will expire, use OAuthTokenTimestamp.

OAuthTokenTimestamp

Displays a Unix epoch timestamp in milliseconds that shows how long ago the current Access Token was created.

Data Type

string

Default Value

""

Remarks

The OAuth Access Token is assigned to an authenticated user, granting that user access to the network for a specified period of time. The access token is used in place of the user's login ID and password, which stay on the server.

An access token created by the server is only valid for a limited time. OAuthTokenTimestamp is the Unix timestamp when the server created the token. For example, OAuthTokenTimestamp=1706558400 indicates the OAuthAccessToken was generated by the server at 2024-01-29 20:00:00 UTC.

JWT OAuth

This section provides a complete list of JWT OAuth properties you can configure.

OAuthJWTCert

Supplies the name of the client certificate's JWT Certificate store.

Data Type

string

Default Value

""

Remarks

The OAuthJWTCertType field specifies the type of the certificate store specified in OAuthJWTCert. If the store is password-protected, use OAuthJWTCertPassword to supply the password..

OAuthJWTCert is used in conjunction with the OAuthJWTCertSubject field in order to specify client certificates.

If OAuthJWTCert has a value, and OAuthJWTCertSubject is set, the Microsoft OneNote connector initiates a search for a certificate. For further information, see OAuthJWTCertSubject.

Designations of certificate stores are platform-dependent.

Notes

• The most common User and Machine certificate stores in Windows include:

  • MY: A certificate store holding personal certificates with their

    associated private keys.

  • CA: Certifying authority certificates.

  • ROOT: Root certificates.

  • SPC: Software publisher certificates.

  • In Java, the certificate store normally is a file containing certificates and optional private keys.
  • When the certificate store type is PFXFile, this property must be set to the name of the file.
  • When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

OAuthJWTCertType

Identifies the type of key store containing the JWT Certificate.

Possible Values

USER, MACHINE, PFXFILE, PFXBLOB, JKSFILE, JKSBLOB, PEMKEY_FILE, PEMKEY_BLOB, PUBLIC_KEY_FILE, PUBLIC_KEY_BLOB, SSHPUBLIC_KEY_FILE, SSHPUBLIC_KEY_BLOB, P7BFILE, PPKFILE, XMLFILE, XMLBLOB, BCFKSFILE, BCFKSBLOB

Data Type

string

Default Value

USER

Remarks

OAuthJWTCertPassword

Provides the password for the OAuth JWT certificate used to access a password-protected certificate store. If the certificate store does not require a password, leave this property blank.

Data Type

string

Default Value

""

Remarks

This property specifies the password needed to open a password-protected certificate store. To determine if a password is necessary, refer to the documentation or configuration for your specific certificate store.

OAuthJWTCertSubject

Identifies the subject of the OAuth JWT certificate used to locate a matching certificate in the store. Supports partial matches and the wildcard '*' to select the first certificate.

Data Type

string

Default Value

*

Remarks

The value of this property is used to locate a matching certificate in the store. The search process works as follows:

• If an exact match for the subject is found, the corresponding certificate is selected.
• If no exact match is found, the store is searched for certificates whose subjects contain the property value.
• If no match is found, no certificate is selected.

You can set the value to '*' to automatically select the first certificate in the store. The certificate subject is a comma-separated list of distinguished name fields and values. For example: CN=www.server.com, OU=test, C=US, E=example@jbexample.com. Common fields include:

If a field value contains a comma, enclose it in quotes. For example: "O=ACME, Inc.".

SSL

This section provides a complete list of SSL properties you can configure.

SSLServerCert

Specifies the certificate to be accepted from the server when connecting using TLS/SSL.

Data Type

string

Default Value

""

Remarks

If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.

This property can take the following forms:

If not specified, any certificate trusted by the machine is accepted.

Certificates are validated as trusted by the machine based on the System's trust store. The trust store used is the 'javax.net.ssl.trustStore' value specified for the system. If no value is specified for this property, Java's default trust store is used (for example, JAVA_HOME\lib\security\cacerts).

Use '*' to signify to accept all certificates. Note that this is not recommended due to security concerns.

Schema

This section provides a complete list of schema properties you can configure.

Location

Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path.

Data Type

string

Default Value

%APPDATA%\OneNote Data Provider\Schema

Remarks

The Location property is only needed if you want to either customize definitions (for example, change a column name, ignore a column, etc.) or extend the data model with new tables, views, or stored procedures.

If left unspecified, the default location is %APPDATA%\OneNote Data Provider\Schema, where %APPDATA% is set to the user's configuration directory:

BrowsableSchemas

Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.

Data Type

string

Default Value

""

Remarks

Listing all available database schemas can take extra time, thus degrading performance. Providing a list of schemas in the connection string saves time and improves performance.

Tables

Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA,TableB,TableC.

Data Type

string

Default Value

""

Remarks

Listing all available tables from some databases can take extra time, thus degrading performance. Providing a list of tables in the connection string saves time and improves performance.

If there are lots of tables available and you already know which ones you want to work with, you can use this property to restrict your viewing to only those tables. To do this, specify the tables you want in a comma-separated list. Each table should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Tables=TableA,[TableB/WithSlash],WithCatalog.WithSchema.`TableC With Space`.

Views

Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC.

Data Type

string

Default Value

""

Remarks

Listing all available views from some databases can take extra time, thus degrading performance. Providing a list of views in the connection string saves time and improves performance.

If there are lots of views available and you already know which ones you want to work with, you can use this property to restrict your viewing to only those views. To do this, specify the views you want in a comma-separated list. Each view should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Views=ViewA,[ViewB/WithSlash],WithCatalog.WithSchema.`ViewC With Space`.

Miscellaneous

This section provides a complete list of miscellaneous properties you can configure.

GroupId

Specify this GroupId in order to access the OneNote documents for this group.

Data Type

string

Default Value

""

Remarks

Specify this GroupId in order to access the OneNote documents for this group.

MaxRows

Specifies the maximum rows returned for queries without aggregation or GROUP BY.

Data Type

int

Default Value

-1

Remarks

This property sets an upper limit on the number of rows the connector returns for queries that do not include aggregation or GROUP BY clauses. This limit ensures that queries do not return excessively large result sets by default.

When a query includes a LIMIT clause, the value specified in the query takes precedence over the MaxRows setting. If MaxRows is set to "-1", no row limit is enforced unless a LIMIT clause is explicitly included in the query.

This property is useful for optimizing performance and preventing excessive resource consumption when executing queries that could otherwise return very large datasets.

Other

Specifies additional hidden properties for specific use cases. These are not required for typical provider functionality. Use a semicolon-separated list to define multiple properties.

Data Type

string

Default Value

""

Remarks

This property allows advanced users to configure hidden properties for specialized scenarios. These settings are not required for normal use cases but can address unique requirements or provide additional functionality. Multiple properties can be defined in a semicolon-separated list.

Specify multiple properties in a semicolon-separated list.

Integration and Formatting

PseudoColumns

Specifies the pseudocolumns to expose as table columns. Use the format 'TableName=ColumnName;TableName=ColumnName'. The default is an empty string, which disables this property.

Data Type

string

Default Value

""

Remarks

This property allows you to define which pseudocolumns the connector exposes as table columns.

To specify individual pseudocolumns, use the following format: "Table1=Column1;Table1=Column2;Table2=Column3"

To include all pseudocolumns for all tables use: "*=*"

Timeout

Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. The default is 60 seconds. Set to 0 to disable the timeout.

Data Type

int

Default Value

60

Remarks

This property controls the maximum time, in seconds, that the connector waits for an operation to complete before canceling it. If the timeout period expires before the operation finishes, the connector cancels the operation and throws an exception.

The timeout applies to each individual communication with the server rather than the entire query or operation. For example, a query could continue running beyond the timeout value if each paging call completes within the timeout limit.

Setting this property to 0 disables the timeout, allowing operations to run indefinitely until they succeed or fail due to other conditions such as server-side timeouts, network interruptions, or resource limits on the server. Use this property cautiously to avoid long-running operations that could degrade performance or result in unresponsive behavior.

UserDefinedViews

Specifies a filepath to a JSON configuration file defining custom views. The provider automatically detects and uses the views specified in this file.

Data Type

string

Default Value

""

Remarks

This property allows you to define and manage custom views through a JSON-formatted configuration file called UserDefinedViews.json. These views are automatically recognized by the connector and enable you to execute custom SQL queries as if they were standard database views. The JSON file defines each view as a root element with a child element called "query", which contains the SQL query for the view. For example:

{
    "MyView": {
        "query": "SELECT * FROM Notebooks WHERE MyColumn = 'value'"
    },
    "MyView2": {
        "query": "SELECT * FROM MyTable WHERE Id IN (1,2,3)"
    }

}

You can define multiple views in a single file and specify the filepath using this property. For example: UserDefinedViews=C:\Path\To\UserDefinedViews.json. When you use this property, only the specified views are seen by the connector.

Refer to User Defined Views for more information.

UserId

Specify this UserId in order to access the OneNote documents for this user.

Data Type

string

Default Value

""

Remarks

Specify this UserId in order to access the OneNote documents for this user.