How do I resolve an Insufficient privileges to complete the operation error while sending PostAsCheckMemberGroupsPostResponseAsync?

Kripa Tharakan 0 Reputation points
2024-05-29T05:23:20.0966667+00:00

I want to check if a certain user ID is present in a specified list of AD groups. I am using the code snippet available for C# from the documentation: https://learn.microsoft.com/en-us/graph/api/directoryobject-checkmembergroups?view=graph-rest-1.0&tabs=csharp#example-1-check-group-memberships-for-a-directory-object.

However, when I execute the code (part of an API on Swagger), I get an error response stating: Microsoft.Graph.Models.ODataErrors.ODataError: Insufficient privileges to complete the operation.

In my appsettings.json, I have configured the tenant ID, client ID and secret with an application that has all the required Microsoft graph API permissions (Directory.Read.All, Group.Read.All, User.Read.All, GroupMember.Read.All).

What other possible reasons could this be failing due to?

Microsoft Security | Microsoft Graph
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. CarlZhao-MSFT 46,376 Reputation points
    2024-05-29T08:14:49.9933333+00:00

    Hi @Kripa Tharakan

    If you are using an app-only context, then make sure you assign application permissions to the calling app, not delegated permissions. You also need to make sure you have granted admin consent for the permissions above.

    961d1fa7-abf8-4895-b480-912aa9bdb1b3

    User's image

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.