Invalid object identifier when filtering users by appRoleAssignments

Stanislav Alekminskii 5 Reputation points
2024-08-23T14:29:28.84+00:00

I am trying to filter users using Graph API v1.0, providing the following filter to the https://graph.microsoft.com/v1.0/users endpoint:

$filter=appRoleAssignments/any(a:a/id eq 'app_role_assignment_id')

where app_role_assignment_id is a value obtained from the https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRolesAssignedTo endpoint.

This filter is described here: https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http#user-properties as supported by default.

But I receive the following error in response:

    "error": {
        "code": "Request_BadRequest",
        "message": "Invalid object identifier 'my value for app_role_assignment_id'.",
        "innerError": {
            ...
        }
    }

If I pass some User.Id (GUID) value as the right-hand part of the filter, I receive the user with this ID.


1 answer

  1. CarlZhao-MSFT 41,286 Reputation points
    2024-08-26T09:30:24.1766667+00:00

    Hi @Stanislav Alekminskii

    Based on my testing, it doesn't seem to be possible to filter the user set by giving the "appRoleAssignment_id". Because appRoleAssignments is a navigation property, not a built-in property, you can't get it directly, only through an extended property.

    However, $expand parameters do not currently support nested $filter parameters, which means that you can't filter when extending the appRoleAssignments property.

    I recommend that you filter the user set locally after extending the appRoleAssignments property:

    GET /users?$expand=appRoleAssignments
    

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
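
The local filtering recommended in the answer above, as an added example (not code from the thread or from Microsoft). The `fetch` callable is a hypothetical stand-in for an authenticated HTTP GET that returns parsed JSON, the sample pages and ids are constructed, and the 20-item limit is an assumption taken from the Graph documentation on `$expand` for directory objects.

```python
"""Filter users locally by appRoleAssignment id after GET /users?$expand=appRoleAssignments."""
from typing import Callable, Iterator

FIRST_URL = "https://graph.microsoft.com/v1.0/users?$expand=appRoleAssignments"
# Assumption (Graph docs): $expand on directory objects returns at most about 20
# related items per object, with no nextLink for the expanded collection.
EXPAND_LIMIT = 20


def iter_users(fetch: Callable[[str], dict], url: str = FIRST_URL) -> Iterator[dict]:
    """Yield every user, following @odata.nextLink until the last page."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")


def users_with_assignment(fetch: Callable[[str], dict], assignment_id: str):
    """Return (matching user ids, user ids whose expanded list may be truncated)."""
    matches, inconclusive = [], []
    for user in iter_users(fetch):
        assignments = user.get("appRoleAssignments", [])
        # Assignment ids are opaque strings: compare exactly, no case folding.
        if any(a.get("id") == assignment_id for a in assignments):
            matches.append(user["id"])
        elif len(assignments) >= EXPAND_LIMIT:
            # No match seen, but the list hit the cap, so the answer is unknown.
            # Re-check this user via /users/{id}/appRoleAssignments.
            inconclusive.append(user["id"])
    return matches, inconclusive


def _user(uid, ids):
    """Build a constructed user object with the given assignment ids."""
    return {"id": uid, "appRoleAssignments": [{"id": i} for i in ids]}


# Constructed sample pages standing in for real Graph responses.
PAGE2 = FIRST_URL + "&$skiptoken=constructed"
SAMPLE_PAGES = {
    FIRST_URL: {"value": [_user("user-1", ["asg-A"]), _user("user-2", [])],
                "@odata.nextLink": PAGE2},
    PAGE2: {"value": [_user("user-3", ["asg-C", "asg-B"]),
                      _user("user-4", [f"asg-x{n}" for n in range(20)])]},
}

if __name__ == "__main__":
    print(users_with_assignment(SAMPLE_PAGES.__getitem__, "asg-B"))
```

Users returned in the second list need a follow-up query before they can be ruled out, which matters when the result feeds an access review.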

