Minimal required rights to query group member info Graph API

Frithjof 0 Reputation points
2024-06-04T11:11:39.94+00:00

Hello,

I am trying to figure out which rights would be minimal necessary to use this query:
GET https://graph.microsoft.com/v1.0/groups?$select=id,assignedLicenses&$filter=assignedLicenses/any()&$expand=members($select=id,displayName)

This is suggested at https://learn.microsoft.com/en-us/graph/api/group-list?view=graph-rest-1.0&tabs=http#example-7-list-any-groups-with-any-licenses-and-get-the-groups-members

I tried with Application rights "GroupMember.Read.All" and "User.ReadBasic.All" but with no success, I am always ending up with Error: 403 - {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation."

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,109 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,160 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 143.8K Reputation points MVP
    2024-06-04T11:24:16.9533333+00:00

    Your query is attempting to get licensing data from members, not licensing groups as in your example.

    I would add User.Read.All application perms to view the member data as well.

    User.ReadBasic.All is prob too little:

    User's image

    0 comments No comments