List custom created directory roles programmatically - azure-rbac

I created some custom directory roles with specific permissions. I have to list these custom roles in a programmatic way.
This gives list of all directory roles in Graph
https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions
Attempted changing query with filter but throwing Bad Request
https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions?$filter=isBuiltIn eq 'false'
{
  "error": {
    "code": "BadRequest",
    "message": "Invalid filter clause",
    "innerError": {
      "date": "2022-12-07T04:25:04",
      "request-id": "09f4f286-8088-4a17-881b-584377fe8c58",
      "client-request-id": "638047c0-e1e5-40e0-b166-416aacd1cc6a"
    }
  }
}

I tried to reproduce the same in my environment and got below results:
In Azure Portal, I applied filter with Type: Custom and got custom directory roles as below:
To get this list from Graph API, I ran the same query as you and got same error as below:
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions?$filter=isBuiltIn eq 'false'
Response:
To resolve the error, I modified the query and got the results successfully like below:
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions?$filter=(isBuiltIn eq false)&$select=displayName,id,isBuiltIn
Response:

Related

Filter with drivetype in Graph API giving invalid filter clause error

My requirement is to get only the document library list of SharePoint via Rest API.
I added Files.ReadWrite.All application permission and got token with scope: https://graph.microsoft.com/.default
To filter only document library of SharePoint, I'm using this:
GET https://graph.microsoft.com/v1.0/sites/siteid/drives?$filter=(driveType eq "documentLibrary")
This threw me "400 Bad Request". I have no idea why I am getting this error. The complete error looks like:
{
  "error": {
    "code": "BadRequest",
    "message": "Invalid filter clause"
  }
}
Did anyone face the same scenario? I am totally confused. How to get rid of it? How to add filters in the Graph api query?
I tried to reproduce the same in my environment and got below results:
I created one Azure AD application and granted API permission like below:
I got the access token via Postman with same scope as below:
POST https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
client_id: client_id
grant_type:client_credentials
client_secret: client_secret
scope:https://graph.microsoft.com/.default
Response:
When I used the above token to call below query, I got the same error as you:
GET https://graph.microsoft.com/v1.0/sites/<siteID>/drives?$filter=(driveType eq "documentLibrary")
Response:
To resolve the error, try modifying your filter query like below:
GET https://graph.microsoft.com/v1.0/sites/<siteID>/drives?$filter=driveType eq 'documentLibrary'&$select=id,createdDateTime,name,webUrl,driveType
Response:

Microsoft Graph API for Azure AD B2C

I am trying to access MS Graph API for updating user details.
I am using below but the filter criteria doesn't seem to work
PATCH https://graph.microsoft.com/v1.0/users?$filter=eq(extension_ce64b1571f694b84aeef256f85b7f49c_custom 'ABCD')
I am getting below error.
{
  "error": {
    "code": "BadRequest",
    "message": "Invalid filter clause",
    "innerError": {
      "date": "2020-08-18T18:28:26",
      "request-id": "5bbdc288-02b5-4b80-9ef4-707c12b7af47"
    }
  }
}
Updating by objectid is not an option and we need to use the custom attribute.
Please help.
The filter syntax in your request is incorrect. Please try below request which will fix your issue,
https://graph.microsoft.com/beta/users?$filter=(extension_f03e52a0a21349eebc055bbd0c920c0d_FavouriteSeason eq 'summer')
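The three filter questions above (custom directory roles with isBuiltIn, SharePoint drives with driveType, and the B2C extension attribute) all fail for the same reason: the OData literal or comparison is written wrongly, and Graph answers "Invalid filter clause". The following is an added Python example, not code from any of the posts, that renders literals the way the working answers do (booleans as bare true/false, strings single-quoted), percent-encodes the query string, and pages through a collection by following @odata.nextLink. The fetch function, the role names and the ids are constructed stand-ins for Graph; against a real tenant you would pass a function that performs an authenticated GET and returns the decoded JSON body.

```python
"""Build OData $filter clauses for Microsoft Graph and page through results.

Added example (not code from any post above). The HTTP call is injected as a
function so the module runs offline against a constructed fake Graph.
"""
from typing import Any, Callable, Dict, Iterator, List
from urllib.parse import quote, urlencode

GRAPH_V1 = "https://graph.microsoft.com/v1.0"
Fetch = Callable[[str], Dict[str, Any]]   # url -> decoded JSON body


def odata_literal(value: Any) -> str:
    """Render a Python value as an OData literal.

    Booleans become the bare keywords true/false (isBuiltIn eq false).
    The quoted form 'false' is a *string* literal, which Graph rejects with
    "Invalid filter clause". Strings are single-quoted, with any embedded
    single quote doubled, which is the OData escape.
    """
    if isinstance(value, bool):          # bool first: it is a subclass of int
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return str(value)
    if isinstance(value, str):
        return "'" + value.replace("'", "''") + "'"
    raise TypeError(f"unsupported literal type: {type(value).__name__}")


def build_filter(**conditions: Any) -> str:
    """Join property-equals-value conditions with 'and' (OData syntax)."""
    return " and ".join(f"{prop} eq {odata_literal(val)}"
                        for prop, val in conditions.items())


def build_url(resource: str, filter_expr: str, select: List[str]) -> str:
    """Compose the request URL; spaces become %20, '$' ',' and quotes stay literal."""
    query = urlencode({"$filter": filter_expr, "$select": ",".join(select)},
                      safe="$,'()", quote_via=quote)
    return f"{GRAPH_V1}/{resource}?{query}"


def iter_items(fetch: Fetch, url: str) -> Iterator[Dict[str, Any]]:
    """Yield every item of a collection, following @odata.nextLink pages."""
    next_url = url
    while next_url:
        page = fetch(next_url)
        if "error" in page:   # Graph error envelope: {"error": {"code", "message"}}
            err = page["error"]
            raise RuntimeError(f"{err.get('code')}: {err.get('message')}")
        yield from page.get("value", [])
        next_url = page.get("@odata.nextLink")


def list_custom_roles(fetch: Fetch) -> List[Dict[str, Any]]:
    """Custom (non-built-in) directory role definitions, across all pages."""
    url = build_url("roleManagement/directory/roleDefinitions",
                    build_filter(isBuiltIn=False),
                    ["displayName", "id", "isBuiltIn"])
    # Keep a client-side check too, so an ignored filter cannot widen the result.
    return [r for r in iter_items(fetch, url) if r.get("isBuiltIn") is False]


def fake_graph(url: str) -> Dict[str, Any]:
    """Constructed stand-in for Graph: rejects a quoted boolean, serves two pages."""
    if "eq%20'false'" in url:
        return {"error": {"code": "BadRequest", "message": "Invalid filter clause"}}
    if "skiptoken=page2" in url:
        return {"value": [{"displayName": "Custom Reader", "id": "constructed-role-2",
                           "isBuiltIn": False}]}
    return {"value": [{"displayName": "Custom Auditor", "id": "constructed-role-1",
                       "isBuiltIn": False}],
            "@odata.nextLink": url + "&$skiptoken=page2"}


if __name__ == "__main__":
    for role in list_custom_roles(fake_graph):
        print(role["displayName"], role["id"])
```

The same build_filter call covers the other two cases: build_filter(driveType="documentLibrary") yields driveType eq 'documentLibrary', and build_filter(extension_f03e52a0a21349eebc055bbd0c920c0d_FavouriteSeason="summer") yields the property-eq-literal form the B2C answer uses rather than the function-style eq(...) from the question.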

Graph API encounter 400 failed to get drive in china

Until a day ago, the operation worked fine.
https://microsoftgraph.chinacloudapi.cn/v1.0/users/{user_id}/drives
Suddenly, it keeps encountering this error:
{
  "error": {
    "code": "BadRequest",
    "message": "Unable to retrieve user's mysite URL.",
    "innerError": {
      "request-id": "d50647af-33c2-4503-a6c1-eb046173108c",
      "date": "2018-04-03T08:33:58"
    }
  }
}
I have checked the subscription and app permissions in Graph API; all permissions are enabled.
And I have tested another app using the same Graph API permissions, which works fine.
I do not know what is going wrong here.
Thank you.

Microsoft Graph InTune Beta API's - Unable to add app to app policy

I am attempting to use Intune specific beta Graph APIs to assign apps to an iOS managed app protection policy. I am able to create the app policies using the endpoint documented below:
https://graph.microsoft.io/en-us/docs/api-reference/beta/api/intune_mam_iosmanagedappprotection_create
When created via API, the app "deployedCount" is 0 until specific apps are added in the admin console UI.
Now, I am attempting to retrieve apps added to any policy by API using the endpoint documented below.
https://graph.microsoft.io/en-us/docs/api-reference/beta/api/intune_mam_mobileappidentifierdeployment_list
I get a 400 Bad Request response that appears to say this endpoint either does not exist or is not responding correctly. This is different from what I get if I mistype an endpoint.
Response I receive:
{
  "error": {
    "code": "No method match route template",
    "message": "No OData route exists that match template ~/entityset/key/navigation with http verb GET for request /MAMAdmin/MAMAdminFEService/managedAppPolicies('T_338de6df-386d-4f1b-a51c-a0d189c61722')/mobileAppIdentifierDeployments.",
    "innerError": {
      "request-id": "79514f29-4dca-48a5-a2de-5d14138577d7",
      "date": "2017-02-08T17:46:52"
    }
  }
}
Response if I mistyped:
{
  "error": {
    "code": "BadRequest",
    "message": "Resource not found for the segment 'asdfasdf'.",
    "innerError": {
      "request-id": "e86d84ab-f062-4780-af3c-9afae6e7bc82",
      "date": "2017-02-08T18:53:29"
    }
  }
}
Hello this is Alemeshet Alemu from MSFT.
Sorry, the API documentation is a bit out of sync. Could you try with $expand?
GET /managedAppPolicies/{managedAppPoliciesId}?$expand=mobileAppIdentifierDeployments
Alemeshet Alemu (MSFT)

Resource does not exist or one of its queried reference-property objects are not present

I am trying to add role to Azure AD user using Graph API.
I am forming the POST request as specified in this MSDN article, but the operation does not succeed. The returned error is as below.
Request
URL: POST https://graph.windows.net/myorganization/directoryRoles/474732f7-ab9e-4eb5-8689-f5a078f5ed5b/$links/members?api-version=1.6
post data:
{
  "url": "https://graph.windows.net/myorganization/directoryObjects/63d144b6-e2f2-4a4a-b623-13debfcb0ff0"
}
Response Data:
{
  "odata.error": {
    "code": "Request_ResourceNotFound",
    "message": {
      "lang": "en",
      "value": "Resource '474732f7-ab9e-4eb5-8689-f5a078f5ed5b' does not exist or one of its queried reference-property objects are not present."
    }
  }
}
The error message says that the requested resource is not found, but when I list all the available directory roles using Graph API, it lists that particular directory role, so that particular directory role is already activated and it's available. I am not sure about the second part ('queried reference-property') of the error message. Even MSDN has no documentation regarding this error.
I tested the API with 3 tenants, in that it failed for 2 tenants and succeeded for 1 tenant.
Below is the partial data (I have copied the role to which I am trying to add the user) of the request made for listing all available directory roles.
Request URL: GET https://graph.windows.net/myorganization/directoryRoles?api-version=1.6 HTTP/1.1
Response: (partial)
{
  "odata.type": "Microsoft.DirectoryServices.DirectoryRole",
  "objectType": "Role",
  "objectId": "474732f7-ab9e-4eb5-8689-f5a078f5ed5b",
  "deletionTimestamp": null,
  "description": "Service Support Administrator has access to perform common support tasks.",
  "displayName": "Service Support Administrator",
  "isSystem": true,
  "roleDisabled": false,
  "roleTemplateId": "f023fd81-a637-4b56-95fd-791ac0226033"
},
If I try to fetch the above role alone using the provided API then I am getting the same error.
Request URL: GET https://graph.windows.net/test.onmicrosoft.com/directoryRoles/474732f7-ab9e-4eb5-8689-f5a078f5ed5b?api-version=1.6 HTTP/1.1
Response:
{
  "odata.error": {
    "code": "Request_ResourceNotFound",
    "message": {
      "lang": "en",
      "value": "Resource '474732f7-ab9e-4eb5-8689-f5a078f5ed5b' does not exist or one of its queried reference-property objects are not present."
    }
  }
}
Application Info:
The Azure AD Application has "Access your organization's directory" access right and I am accessing the application using the Global Administrator account.
I have tried giving the "Directory Read Write" permission to the application, but the same error is happening.