Microsoft Graph - me/ownedObjects- Insufficient privileges to complete the operation

2
votes

We have been using the Microsoft Graph endpoint /v1.0/me/ownedObjects for a while to get a list of owned groups.

Today we are suddenly getting the following error if we call this endpoint without sending in a filter param (e.g. $select=id eq 'GroupId').

This has been working fine for us to get the list of owned groups, but if this isn't sorted our we are going to have to re-write how we get this list of owned groups. Any ideas why this might have started happening today?

From what we can figure out this is only affecting certain users.

In regards to the permissions, we have from the list listed in the documentation we are only using User.Read.All

{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "d1c4149d-a64e-4608-8cdf-50076c485dce",
      "date": "2019-09-12T14:56:22"
    }
  }
}
1
azure-active-directorymicrosoft-graph-api
Did you have a retry with Microsoft Graph Explorer to call the same endpoint? Reassign the required permissions in Graph Explorer may be helpful.Allen Wu
@allen-wu - thanks for the suggestion. Unfortunately this makes no differenceRobert Thorne
Have you tried to reassign the permissions in Azure AD app? It seems that the change is from Microsoft server. You can contact Azure Support for GraphAPI issues to track your request.Allen Wu

1 Answers

1
votes

I have tested it from my side. The permission User.Read.All works fine for /v1.0/me/ownedObjects for each type of user.

So this issue seems to be from Microsoft service. You can contact Azure Support for GraphAPI issues to track your request.