MS Graph Insufficient privileges to complete the operation

Anonymous
2023-05-23T15:16:48.7+00:00

This is the request:
[5:11 PM] Stefano Frediani

Request URL:

https://graph.microsoft.com/v1.0/users/e59d1461-8086-4d29-8fbb-b5cbf974d773

Request Method:

PATCH

Status Code:

403 Forbidden

Authorization:

Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IjBXWEV4V2RFRXhQc0ozSlBKblAwQzg0LWdZVEpMNkFwcFVlcVlzNDdqbG8iLCJhbGciOiJSUzI1NiIsIng1dCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyIsImtpZCI6Ii1LSTNROW5OUjdiUm9meG1lWm9YcWJIWkdldyJ9.eyJhdWQiOiIwMDAwMDAwMy0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC81ZjI4NjBmYS02MWYwLTRmNDktYWU2Mi03YzFmZjE2YjAzMWIvIiwiaWF0IjoxNjg0ODU0MzUxLCJuYmYiOjE2ODQ4NTQzNTEsImV4cCI6MTY4NDg1OTMxOCwiYWNjdCI6MSwiYWNyIjoiMSIsImFpbyI6IkFVUUF1LzhUQUFBQWQwbStJcE5OY25QdzBlOVhyVlBoS0t4VkNOc1g3TFo1aVRTcFlidUo4TVk3ays5UDNJU3dsVTg4YkltS0NWY2tHNWFxTWwyaXkvWTdCQTA3YUpDWHNBPT0iLCJhbHRzZWNpZCI6IjU6OjEwMDNCRkZEOUZDNEIzMjkiLCJhbXIiOlsicHdkIl0sImFwcF9kaXNwbGF5bmFtZSI6InN1aXRlLXZhbnRlYSIsImFwcGlkIjoiOGEzOTdiYjUtYjI3My00NTFkLTljMzEtZjU5YTU1OWM3MmFmIiwiYXBwaWRhY3IiOiIwIiwiZW1haWwiOiJzdGVmYW5vLmZyZWRpYW5pQHZhbnRlYS5jb20iLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wZTNlMmQxNC0xYTkyLTRmODUtYmQ1ZS1lMTFmNGI4OWQ5OGIvIiwiaWR0eXAiOiJ1c2VyIiwiaXBhZGRyIjoiMi4zOC42Ny4xNDIiLCJuYW1lIjoiU3RlZmFubyBGcmVkaWFuaSIsIm9pZCI6IjJiMmFjOTM3LTRmMzktNDczYi05ZjVkLTA3YzY5M2EzZjc4MiIsInBsYXRmIjoiMyIsInB1aWQiOiIxMDAzMjAwMkE1MkMxOUY2IiwicmgiOiIwLkFYb0EtbUFvWF9CaFNVLXVZbndmOFdzREd3TUFBQUFBQUFBQXdBQUFBQUFBQUFCNkFDSS4iLCJzY3AiOiJBcHBSb2xlQXNzaWdubWVudC5SZWFkV3JpdGUuQWxsIERpcmVjdG9yeS5SZWFkLkFsbCBEaXJlY3RvcnkuUmVhZFdyaXRlLkFsbCBHcm91cC5SZWFkLkFsbCBHcm91cC5SZWFkV3JpdGUuQWxsIEdyb3VwTWVtYmVyLlJlYWQuQWxsIEdyb3VwTWVtYmVyLlJlYWRXcml0ZS5BbGwgb3BlbmlkIHByb2ZpbGUgVXNlci5FbmFibGVEaXNhYmxlQWNjb3VudC5BbGwgVXNlci5NYW5hZ2VJZGVudGl0aWVzLkFsbCBVc2VyLlJlYWQgVXNlci5SZWFkLkFsbCBVc2VyLlJlYWRCYXNpYy5BbGwgVXNlci5SZWFkV3JpdGUgVXNlci5SZWFkV3JpdGUuQWxsIGVtYWlsIiwic3ViIjoiYkJPUmtPdEJPcURzb19MVkRicDljQzJQT3pfb0xyZUtTYlBkLTlsWm9LYyIsInRlbmFudF9yZWdpb25fc2NvcGUiOiJFVSIsInRpZCI6IjVmMjg2MGZhLTYxZjAtNGY0OS1hZTYyLTdjMWZmMTZiMDMxYiIsInVuaXF1ZV9uYW1lIjoic3RlZmFuby5mcmVkaWFuaUB2YW50ZWEuY29tIiwidXRpIjoicmpPbTIxa2M3a3VqbXlaSG1xQXJBQSIsInZlciI6IjEuMCIsIndpZHMiOlsiMTNiZDFjNzItNmY0YS00ZGNmLTk4NWYtMThkM2I4MGYyMDhhIl0sInhtc19zdCI6eyJzdWIiOiJDSFFadnBIZjhVVmJZdl95VENUUGxDTjNldnphZGYxMXVRSWZLOHVPWl9NIn0sInhtc190Y2R0IjoxMzgxNzkwNjgyLCJ4bXNfdGRiciI6IkVVIn0.V2y6sKGAa3n4ZCvc-r16D2FiAAv17wK72J5k2GgbnPQzcPcL-Gkgx5Ou9OS1I3Zr9qcvlHcrj705HXTyzKRhQ_nYTZGMFDnFZLVTrvegJReyB5tSDt0VP2zP8mAKZMyL59MoKsrDjkyVhKG_31BxG1PCFlAgLy89hXmC_A5TQDZZOCkq9rIh-MK2epCShv79Y8qIYTyBDVu9NjFh6HwJMyRJl0ltfI5Jy6A_uGExEgVEaGx3sXrq9gEKF-2tHKI_-Kgpe-rR4MXNgGtQfkjJoHN3Gcc6Gy7BD1RYg6tV8XALwG5VmVItlswk1MWkrtggVw5TpBrM9XhZTuXUakB0ag

PAYLOAD

{"id":"e59d1461-8086-4d29-8fbb-b5cbf974d773","mail":"******@vantea.com","extension_8a397bb5b273451d9c31f59a559c72af_modTpRuolo":"MOD_TP@TERZAPARTE","extension_8a397bb5b273451d9c31f59a559c72af_modTpAzienda":"00024"}

This is the response:

{
   "error":{
      "code":"Authorization_RequestDenied",
      "message":"Insufficient privileges to complete the operation.",
      "innerError":{
         "date":"2023-05-23T15:11:03",
         "request-id":"3a806aaa-7c3f-4203-91d2-67c77492a31f",
         "client-request-id":"0436e1fa-d813-eff0-39a5-41af61cfc0f5"
      }
   }
}

this is the API permissions of the Application
User's image

Microsoft Security | Microsoft Graph
0 comments No comments
{count} votes

Accepted answer
  1. CarlZhao-MSFT 46,376 Reputation points
    2023-05-24T07:57:49.12+00:00

    Hi @Simone Leo

    Guest users must be granted the User Administrator role to modify users in the tenant.

    User's image

    6

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    2 people found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Darrel Miller 11 Reputation points Microsoft Employee
    2023-05-23T19:53:33.55+00:00

    The most likely reason for this error is that the user who made the call is not a member of the appropriate administrative role in order to allow them to make a change to a different user's profile.

    In this case the error is not saying that the application cannot make this call, it is saying the signed in user cannot make this call.

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.