I am trying to auto-populate 4 user fields (JobTitle, Department, Office, Location) in a SharePoint list form using Power Apps.
I opened the SharePoint form from Power Apps to customize it. I connected to the Office365Users connector. The connector has my name/email on it.
I set each user field's card Default properties to:
Office365Users.UserProfileV2(DataCardValue2.Selected.Email).officeLocation ("officeLocation" or whatever field I want to auto-populate)
("DataCardValue2" is the People Picker Control in the SharePoint list)
When I select myself as the user, all 4 fields (JobTitle, Department, Office, Location) auto-populate perfectly, in testing as well as after the form has been published back to SharePoint.
However, if I select any other users, auto-populating is failing and I get the following error:
Office354Users.UserProfileV2 failed: {"error": {"code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": {"date": "2022-08-08T21:00:57", "request-id": "092ff1db-94ac-43dd-b30a-a8b41077b2cc", "client-request-id": "092ff1db-94ac-43dd-b30a-a8b41077b2cc"}}}
I had heard that using UserProfileV2 didn't require heightened permissions since it was only accessing a read-only copy of the data (and not writing anything).
I tried deleting the Office365Users connector and reconnecting it and still no luck. I'm new to Power Apps and hopefully this is an easy fix. Thanks.
Related
I am trying to get and analyze data from office 365 resource room booking data, for that I am using graph API to find meeting times,
https://graph.microsoft.com/v1.0/me/findMeetingTimes ,
this query perfectly working on Microsoft graph explorer after given permissions to calendar.ReadWrite and calendar.ReadWrite.Shared, but this is not working through api call in SharePoint page and postman test with same permissions given in azure WEB API.
it is returning below error
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "90f335e7-1955-48c2-a9e9-300ea232e181",
"date": "2018-10-26T07:47:13"
}
}
}
If any suggestion appreciated.
I'm assuming you are using the MSGraphClient inside of SPFx, it is using the delegated permissions (not app permissions as per the comment in this thread). Can you confirm you are using this? https://learn.microsoft.com/en-us/sharepoint/dev/spfx/use-msgraph
This api (https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_findmeetingtimes) requires "Calendars.Read.Shared, Calendars.ReadWrite.Shared" as you stated.
You would need to add additional permissions for this api call to work. As you only get User.Read.All for SPFx with MSGraphClient. This is documented here https://learn.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient
From your provided request Id, I can see that your request had these scopes, which is missing the Calendars.Read.Shared permissions scope.
"Mail.ReadWrite","User.ReadWrite.All","Calendars.Read","People.Read.All","Group.Read.All","Directory.ReadWrite.All","MailboxSettings.Read","Contacts.ReadWrite","Group.ReadWrite.All","Sites.Manage.All","User.Invite.All","Files.ReadWrite.All","Directory.Read.All","User.Read.All","Files.Read.All","Mail.Read","Calendars.ReadWrite","Mail.Send","MailboxSettings.ReadWrite","Contacts.Read","Sites.FullControl.All","Reports.Read.All"
Look into the permissions of findMeetingTimes. You mode of authentication could be the root cause. For me I was tryint to use Application mode and this is not supported in this API.
I used and alternative api, /calendar/getSchedule to achieve this. If you login as your userid use ME option or use application mode login to login and use {id|userPrincipalName} to get calendar details for any meeting room.
Refer: https://learn.microsoft.com/en-us/graph/api/calendar-getschedule?view=graph-rest-1.0&tabs=http
Graph API Explorer link below provides the basics on how to login and got good examples for Graph to begin with.
https://developer.microsoft.com/en-us/graph/graph-explorer
I have a simple logic app that picks up an XML file and translates it into X12. I am able to select schema and maps from the integration account in the designer with no problem. But when I add an "Encode to X12 by Agreement Name" step, I can't select the agreement name in the drop down box. There is an error message displayed that says "Could not retrieve values. error executing the api /listagreements". I tried to type the name manually, but then the app run fails on the X12 encode step with the text "Unauthorized" in the graphical runs history. A closer look at the error outputs shows this:
"body": {
"StatusCode": "Unauthorized",
"ErrorMessage": "Integration account operation failed with status code: Unauthorized and error AuthorizationFailed : The authentication credentials are not valid.",
"source": "x12-eus.azconn-eus.p.azurewebsites.net"
There is no mention of requiring credentials anywhere. The subscription is the free level and I have two trading partners, two schema, one map and one agreement.
Any help is appreciated.
Microsoft Graph API is yet to provide full support for dealing with Organizational Contacts under Office 365.
The beta version of the Microsoft Graph API supports some limited edit/update operations, as per the following page in the reference documentation:
https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/orgcontact_update
But using the same to update the surname (it is in the list of supported fields) field for a test orgContact, we are getting the following error in the JSON response in Microsoft Graph Explorer:
Unable to update the specified properties for objects that have originated within an external service.
This was the request I used in Microsoft Graph Explorer:
Request Query:
PATCH https://graph.microsoft.com/beta/contacts/fe851502-c15a-476b-bc68-bd2842721fb6
Request Body:
{
"surname": "TESTSURNAME"
}
And this is the full response:
{
"error": {
"code": "Request_BadRequest",
"message": "Unable to update the specified properties for objects that have originated within an external service.",
"innerError": {
"request-id": "608a620d-8911-4425-b70c-6e1fbdec59dc",
"date": "2018-04-03T12:52:25"
}
}
}
What could I be doing wrong?
What does it mean by originated within an external service?
Or if this a bug in the API, how do we report this / get this
fixed?
I played with this quite a bit now and I don't believe you're doing anything wrong - it's just that updating these fields isn't supported for now.
Looking at the error message, it appears there were several issues through MS Graph's lifetime, particularly when it came to users and groups (see this for example: New User.employeeId ExtensionProperty not working)
So my bet is that for Org contacts, the Graph API 'thinks' these properties are owned by Exchange Online.
Btw. I actually tried patching a few other properties, too; none of it worked out. I'm getting the same error you get for: businessPhones, city, country, department, displayName, givenname, surname, jobtitle, mobilePhone - so pretty much all of it except for companyName and mail where I get a read only error ("Property ... is read-only and cannot be set. ").
I guess the question is whether MSFT is planning to allow updating org contacts in the future - and if so, when. My understanding is that you can request something to be added to the Graph API here: https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/category/101632-microsoft-graph-o365-rest-apis
Is it possible to retrieve SharePoint sites that are available for given users through Microsoft Graph API. I looked into Graph API User (https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/user) and noticed that there is a relationship between user and site (sites). However, when I tried to use that one in Graph Explorer, I got the error "Unsupported segment type."
Request: https://graph.microsoft.com/v1.0/users/{user_id}/sites
{
"error": {
"code": "BadRequest",
"message": "Unsupported segment type. ODataQuery: users/{user_id}/sites",
"innerError": {
"request-id": "cf9dedff-5642-4a77-a179-3d63d2921a8a",
"date": "2017-05-17T19:46:29"
}
}
}
That was a documentation bug, the /sites/ collection is not available on the user object. I've committed a change to the docs to clean up the user object description and remove that reference.
I am curious what sort of information you'd want to see returned back from a query for /sites on a user. Are you just looking for all sites the user can access? You can accomplish that using the sites search API:
GET https://graph.microsoft.com/v1.0/sites?search={query}
Which returns you all sites the user can access that match the query text. If you leave the query text as an empty string, you receive a list of sites the user has access to.
I'm retrieving user information using the graph API (https://graph.microsoft.com/v1.0/me), but I'm only getting very little information:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#users/$entity",
"id": "e163a120378.....",
"userPrincipalName": "myemail#example.com"
}
(Omitting properties with null values)
I'm sure that this user has at least a name (and probably some other properties), and I am expecting it to be included in the response, but it's not.
The access token used for the request was requested with scope https://graph.microsoft.com/User.Read, using the token enpoint https://login.microsoftonline.com/common/oauth2/v2.0/authorize. I've tried many other scopes, without results.
How do I retrieve user information with more details, like a name?
To resolve this issue, you'll want to update this account's profile with First Name and Last Name via https://profile.live.com. Once populated, these values will surface within Graph.
There are multiple systems backing Microsoft Accounts. Graph is pulling the profile data from Outlook.com. The https://profile.live.com site holds the Outlook Profile which that Graph is reading from. Once a user visits Outlook.com, all of the profile data is provisioned and then synced with https://account.microsoft.com. Prior to that however, the Profile isn't fully populated.