Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,568 questions
UnauthorizedAccessException while Create governanceRoleAssignmentRequest via Microsoft Graph api
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 23%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKV%3C/text%3E%3C/svg%3E)
Karthikeyan Valliannan
1
Reputation point
My requirement is to Assign the 'User Access administrator' role Azure AD security Group using the microsoft graph api.
My registered app in azure AD have the below API permission,
Directory.Read.All
PrivilegedAccess.ReadWrite.AzureAD
PrivilegedAccess.ReadWrite.AzureResources
Below is the request body
{
"roleDefinitionId": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"resourceId": "<subscription Id>",
"subjectId": "<Azure AD group Object Id>",
"assignmentState": "Eligible",
"type": "AdminAdd",
"reason": "Assign an eligible role",
"schedule": {
"startDateTime": "2021-12-08T23:37:43.356Z",
"endDateTime": "2021-12-10T23:37:43.356Z",
"type": "Once"
}
}
while executing getting the below response
{
"error": {
"code": "UnauthorizedAccessException",
"message": "Attempted to perform an unauthorized operation.",
"innerError": {
"date": "2021-12-09T07:52:42",
"request-id": "c111b180-322a-41f9-b072-29385b4b2199",
"client-request-id": "c111b180-322a-41f9-b072-29385b4b2199"
}
}
}
{count} votes
-
CarlZhao-MSFT 36,891 Reputation points2021-12-10T03:09:35.6+00:00 Hi @Karthikeyan Valliannan I am discussing this issue with my colleagues and will update you once we have any updates.
Sign in to comment