Assign groups not working for Microsoft Graph user

Nagarajan, Divya (External) 41 Reputation points
2022-12-15T11:55:02.763+00:00

I created a user using Microsoft Graph with the code below.

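import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
import com.microsoft.graph.models.User;
import com.microsoft.graph.requests.GraphServiceClient;
import java.util.Arrays;

// App-only (client credentials) authentication against Microsoft Graph
final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
        .clientId(clientId)
        .clientSecret(clientSecret)
        .tenantId(tenantId)
        .build();
final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(
        Arrays.asList("https://graph.microsoft.com/.default"), clientSecretCredential);

GraphServiceClient graphClient = GraphServiceClient.builder()
        .authenticationProvider(tokenCredentialAuthProvider)
        .buildClient();

// Convert the registration request into a Graph User, then create it with POST /users
User user = registerUserReqToCreateMicGraphUser.convert(req);
user = graphClient.users().buildRequest().post(user);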

I am getting an error while assigning groups to the user using the user ID.

Assign groups: <user id>, <roles> |
E.g.:
Assign groups: 55119b37-c0d2-4fb2-bb52-7c39b4d81239, [XPC:MAS_CUSTOMER_BASIC] |
Requesting token to: https://api.hana.ondemand.com/oauth2/apitoken/v1?grant_type=client_credentials

Exception org.springframework.web.client.HttpServerErrorException$InternalServerError: 500 : [{"code":"57d12c94-d0a0-48df-9f09-bdc81bcf6c24"}]
at org.springframework.web.client.HttpServerErrorException.create(HttpServerErrorException.java:100)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:188)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:125)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:819)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:777)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
at uk.co.keytree.xerox.services.scp.impl.ScpAuthorizationManagementService.assignGroups(ScpAuthorizationManagementService.java:84)
at uk.co.keytree.xerox.services.scp.impl.ScpAuthorizationManagementService.deleteAllAndAssignGroups(ScpAuthorizationManagementService.java:113)


4 answers

  1. Nagarajan, Divya (External) 41 Reputation points
    2022-12-20T17:35:20.177+00:00

    How do I assign a roles group to the Microsoft user?


  2. Nagarajan, Divya (External) 41 Reputation points
    2022-12-20T17:42:20.69+00:00

    Are any changes needed in Role assignments in the Azure portal to assign roles to the user?
    Which URL should I refer to for doing role assignments?

    https://learn.microsoft.com/en-us/rest/api/authorization/role-assignments/create?source=recommendations&tabs=HTTP


  3. Mehtab Siddique (MINDTREE LIMITED) 966 Reputation points
    2022-12-20T20:39:27.467+00:00

    Hi @Nagarajan, Divya (External) ,

    Here is the API to grant an appRoleAssignment to a user:

    POST /users/{id | userPrincipalName}/appRoleAssignments  
    

    For more information: https://learn.microsoft.com/en-us/graph/api/user-post-approleassignments?view=graph-rest-1.0&tabs=http#request

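The answer above gives only the endpoint; the request body needs three IDs. The following is an added example, not code from any poster in this thread, and it assumes the same Graph Java SDK style (public model fields, `buildRequest()`) used elsewhere on the page. The class and method names are hypothetical, and the caller supplies all IDs.

```java
import com.microsoft.graph.http.GraphServiceException;
import com.microsoft.graph.models.AppRoleAssignment;
import com.microsoft.graph.requests.GraphServiceClient;
import java.util.UUID;

/** Hypothetical helper (added example, not from the thread): grants an app role to a user. */
public final class AppRoleAssigner {

    /** Default app role ID, usable when the resource application declares no app roles. */
    public static final UUID DEFAULT_ACCESS = new UUID(0L, 0L);

    private final GraphServiceClient<?> graphClient;

    public AppRoleAssigner(GraphServiceClient<?> graphClient) {
        this.graphClient = graphClient;
    }

    /**
     * @param userId     object ID of the user receiving the role (principalId)
     * @param resourceId object ID of the service principal that defines the role
     * @param appRoleId  ID of the app role on that service principal, or DEFAULT_ACCESS
     * @return the assignment as created by Graph
     */
    public AppRoleAssignment assign(UUID userId, UUID resourceId, UUID appRoleId) {
        // The body carries all three IDs; the user ID also appears in the URL.
        AppRoleAssignment body = new AppRoleAssignment();
        body.principalId = userId;
        body.resourceId = resourceId;
        body.appRoleId = appRoleId;
        try {
            return graphClient.users(userId.toString()).appRoleAssignments()
                    .buildRequest()
                    .post(body);
        } catch (GraphServiceException e) {
            // Keep Graph's HTTP status so a 403 (missing permission) is not
            // confused with a 400 (malformed request) further up the stack.
            throw new IllegalStateException(
                    "appRoleAssignment for user " + userId + " failed with HTTP "
                            + e.getResponseCode(), e);
        }
    }
}
```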

  4. CarlZhao-MSFT 45,761 Reputation points
    2022-12-26T10:27:38.72+00:00

    Hi @Nagarajan, Divya (External)

    If you want to assign a role at the directory (Azure AD) level to a user, you can call the /roleManagement/directory/roleAssignments endpoint.

    POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments  
    Content-type: application/json  
      
    {   
        "@odata.type": "#microsoft.graph.unifiedRoleAssignment",  
        "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",  
        "principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",  
        "directoryScopeId": "/"  
    }  
    

    The roleDefinitionId is the template ID of the Azure AD role; refer to the relevant documentation.

    The principalId is the object ID of the user.

    Using the graph java SDK:

    GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();  
      
    UnifiedRoleAssignment unifiedRoleAssignment = new UnifiedRoleAssignment();  
    unifiedRoleAssignment.roleDefinitionId = "{role id}";  
    unifiedRoleAssignment.principalId = "{object id of the user}";  
    unifiedRoleAssignment.directoryScopeId = "/";  
      
    graphClient.roleManagement().directory().roleAssignments()  
    	.buildRequest()  
    	.post(unifiedRoleAssignment);  
    

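With `directoryScopeId` set to `/`, the assignment in the answer above applies tenant-wide, so it is worth checking what the principal already holds before posting. The following is an added example, not code from the thread, assuming the same Graph Java SDK style as the answer. The class and method names are hypothetical.

```java
import com.microsoft.graph.models.UnifiedRoleAssignment;
import com.microsoft.graph.requests.GraphServiceClient;
import com.microsoft.graph.requests.UnifiedRoleAssignmentCollectionPage;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;

/** Hypothetical helper (added example, not from the thread). */
public final class DirectoryRoleAssigner {

    private final GraphServiceClient<?> graphClient;

    public DirectoryRoleAssigner(GraphServiceClient<?> graphClient) {
        this.graphClient = graphClient;
    }

    /** Lists every directory role assignment the principal already holds. */
    public List<UnifiedRoleAssignment> currentAssignments(UUID principalId) {
        // principalId is a parsed UUID, so nothing else can reach the $filter string.
        UnifiedRoleAssignmentCollectionPage page = graphClient.roleManagement().directory()
                .roleAssignments().buildRequest()
                .filter("principalId eq '" + principalId + "'")
                .get();
        List<UnifiedRoleAssignment> all = new ArrayList<>();
        while (page != null) {
            all.addAll(page.getCurrentPage());
            page = page.getNextPage() == null ? null : page.getNextPage().buildRequest().get();
        }
        return all;
    }

    /** Posts the assignment only if the same role at the same scope is not already present. */
    public UnifiedRoleAssignment assignIfAbsent(UUID principalId, String roleDefinitionId,
                                                String directoryScopeId) {
        for (UnifiedRoleAssignment existing : currentAssignments(principalId)) {
            if (roleDefinitionId.equals(existing.roleDefinitionId)
                    && directoryScopeId.equals(existing.directoryScopeId)) {
                return existing;
            }
        }
        UnifiedRoleAssignment assignment = new UnifiedRoleAssignment();
        assignment.roleDefinitionId = roleDefinitionId;
        assignment.principalId = principalId.toString();
        assignment.directoryScopeId = directoryScopeId;
        return graphClient.roleManagement().directory().roleAssignments()
                .buildRequest().post(assignment);
    }
}
```

Logging the result of `currentAssignments` before and after the call gives a simple record of what changed for that principal.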

