Comments on: How to Figure Out What Microsoft Graph Permissions You Need

By: Khanh Le

Khanh Le — Thu, 25 Apr 2024 08:15:15 +0000

Hi Tony
I consent single user using powershell with 3 permissions: openid, email, offline_access. However, now I want to use the command and remove 1 of the 3 above pemission for that user, how do I do it?

By:

Tony Redmond

The Real Person!

Author Tony Redmond acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.

Tony Redmond — Mon, 11 Mar 2024 06:11:23 +0000

In reply to Zain. It's explained in the article.

By: Zain

Zain — Mon, 11 Mar 2024 06:05:24 +0000

In reply to

Tony Redmond

. Thank you for your response Tony. Yes I'm trying to fetch specific user's data for a project. Can you please explain the application permission thing as I'm new to it or you may refer to some post or blog.

By: Tony Redmond

Tony Redmond — Mon, 11 Mar 2024 06:01:10 +0000

In reply to Zain. Are you trying to access someone else's account? If so, you need application permission, not the delegated permission assigned by default.

By: Zain

Zain — Mon, 11 Mar 2024 05:56:28 +0000

Hi Tony! Thank you for a great description!
I’m executing Graph API “https://graph.microsoft.com/beta/users” using power automate workflow and it works fine. But when I try to filter my data i.e, “https://graph.microsoft.com/beta/users?$filter=mail eq ‘xyz@email.com'”, it throws an error saying “Insufficient privileges to complete the operation”. Kindly guide me in this regard. Thanks.

By:

Tony Redmond

The Real Person!

Author Tony Redmond acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.

Tony Redmond — Fri, 16 Feb 2024 18:24:21 +0000

In reply to Rahul. Given that I can't see what's happening in your tenant, you should file a support call with Microsoft and have them check things out.

By: Rahul

Rahul — Fri, 16 Feb 2024 17:56:49 +0000

In reply to

Tony Redmond

. Thanks, Tony for your quick responses, yes initially I thought so, but this user can delete dataset where it has no access.

By: Tony Redmond

Tony Redmond — Fri, 16 Feb 2024 17:37:14 +0000

In reply to Rahul.

https://learn.microsoft.com/en-us/powershell/module/microsoftpowerbimgmt.profile/invoke-powerbirestmethod?view=powerbi-ps documents the cmdlet as a helper function to run a BI command using the signed-in profile. That sounds like the account is able to work with the data they have access to and is able to delete a dataset. Have you tried to run the cmdlet and attempt to delete a dataset that the user can’t access?

By: Rahul

Rahul — Fri, 16 Feb 2024 17:28:21 +0000

In reply to

Tony Redmond

. If user can run below command, Invoke-PowerBIRestMethod -Url 'groups/{groupid}/datasets/{datasetid}' -Method DELETE, which means a user got the permission scope - Dataset.ReadWrite.All. So, if I want to know, who all users can do this.

By: Tony Redmond

Tony Redmond — Fri, 16 Feb 2024 17:17:49 +0000

In reply to Rahul K. What do you mean API permissions a user has?

Comments on: How to Figure Out What Microsoft Graph Permissions You Need

By: Khanh Le

By: Tony Redmond The Real Person! Author Tony Redmond acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.

By: Zain

By: Tony Redmond

By: Zain

By: Tony Redmond The Real Person! Author Tony Redmond acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.

By: Rahul

By: Tony Redmond

By: Rahul

By: Tony Redmond

By:

Tony Redmond

The Real Person!

Author Tony Redmond acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.

By:

Tony Redmond

The Real Person!

Author Tony Redmond acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.