Help on APIs and Permissions

Roger Roger 7,061 Reputation points
2025-03-16T00:06:07.8933333+00:00

I am using Privileged Identity Management (PIM) for Microsoft Entra Roles. I have granted users to the Global Reader, SharePoint Administrator, Teams Administrator, and Exchange Administrator roles. I am looking for APIs that can fetch all users who have been granted access to the roles mentioned above. Please guide me on the appropriate APIs and whether app registration is required. If so, what permissions should be assigned to the app registration? I want to test this using Postman or Microsoft Graph Explorer (https://developer(dot)microsoft.com/en-us/graph/graph-explorer). If successful, I plan to integrate it into our in-house tool so that I can generate and export the report every month. Please guide me.


Accepted answer
  1. Navya 17,490 Reputation points Microsoft External Staff
    2025-03-18T04:28:01.5866667+00:00

    Hi @Roger Roger

    I understand that you are looking for APIs to fetch all users who have been granted access to the Global Reader, SharePoint Administrator, Teams Administrator, and Exchange Administrator roles.

    To execute the API below, you need to grant consent to the following permissions under Modify Permissions:

    • RoleManagement.ReadWrite.Directory
    • Directory.Read.All
    • Directory.ReadWrite.All
    • APIconnectors.Read.All
    • APIconnectors.ReadWrite.All

    Use the script below and execute it in Graph Explorer.

    POST https://graph.microsoft.com/v1.0/$batch
    Content-Type: application/json (under request headers)
    {
      "requests": [
        {
          "id": "1",
          "method": "GET",
          "url": "/directoryRoles(roleTemplateId='f28a1f50-f6e7-4571-818b-6a12f2af6b6c')/members"
        },
        {
          "id": "2",
          "method": "GET",
          "url": "/directoryRoles(roleTemplateId='f2ef992c-3afb-46b9-b7cf-a126ee74c451')/members"
        },
        {
          "id": "3",
          "method": "GET",
          "url": "/directoryRoles(roleTemplateId='69091246-20e8-4a56-aa4d-066075b2a7a8')/members"
        },
        {
          "id": "4",
          "method": "GET",
          "url": "/directoryRoles(roleTemplateId='29232cdf-9323-42fd-ade2-1d097af3e4de')/members"
        }
      ]
    }
    


    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

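To turn the batch call in the answer above into the monthly report the question asks for, the following added example (not part of the original answer and not Microsoft's code) builds the same `$batch` body and flattens a batch response into CSV rows, checking each sub-response's status instead of assuming success. The sample response, the member in it and the function names are constructed for illustration; the role names paired with the template IDs are the built-in role names.

```python
import csv, io

# Role template IDs from the answer above, paired with the built-in role names.
ROLES = {
    "f28a1f50-f6e7-4571-818b-6a12f2af6b6c": "SharePoint Administrator",
    "f2ef992c-3afb-46b9-b7cf-a126ee74c451": "Global Reader",
    "69091246-20e8-4a56-aa4d-066075b2a7a8": "Teams Administrator",
    "29232cdf-9323-42fd-ade2-1d097af3e4de": "Exchange Administrator",
}
# Constructed sample $batch response (not tenant data): out of order, one failure, one missing.
SAMPLE = {"responses": [
    {"id": "2", "status": 200, "body": {"value": [
        {"@odata.type": "#microsoft.graph.user", "displayName": "Alex Example",
         "userPrincipalName": "alex@contoso.example"}]}},
    {"id": "1", "status": 200, "body": {"value": []}},
    {"id": "4", "status": 404, "body": {"error": {"code": "Request_ResourceNotFound"}}},
]}

def build_batch():
    """JSON body for POST https://graph.microsoft.com/v1.0/$batch, one GET per role."""
    return {"requests": [
        {"id": str(i), "method": "GET",
         "url": f"/directoryRoles(roleTemplateId='{tid}')/members"}
        for i, tid in enumerate(ROLES, start=1)]}

def parse_batch(batch, response):
    """Return (rows, problems). Sub-responses can arrive in any order,
    so each one is matched back to its request by id."""
    role_by_id = {r["id"]: ROLES[r["url"].split("'")[1]] for r in batch["requests"]}
    rows, problems, seen = [], [], set()
    for item in response.get("responses", []):
        seen.add(item["id"])
        role = role_by_id[item["id"]]
        if item["status"] != 200:  # a failed sub-request must not read as "no members"
            problems.append(f"{role}: HTTP {item['status']}")
            continue
        body = item["body"]
        if "@odata.nextLink" in body:  # member list is paged; report would be partial
            problems.append(f"{role}: more pages, follow @odata.nextLink")
        for m in body.get("value", []):
            kind = m.get("@odata.type", "").rsplit(".", 1)[-1]  # user, group, ...
            rows.append((role, kind, m.get("displayName") or "", m.get("userPrincipalName") or ""))
    problems += [f"{role_by_id[i]}: no response" for i in sorted(set(role_by_id) - seen)]
    return sorted(rows), problems

def to_csv(rows):
    out = io.StringIO()
    csv.writer(out).writerows([("role", "memberType", "displayName", "userPrincipalName"), *rows])
    return out.getvalue()
```

The batch contains only GET requests, so for a reporting app a read-only permission from the list above, such as Directory.Read.All, is sufficient and the ReadWrite scopes can be left out. The `members` call returns principals with an active assignment; PIM-eligible assignments that have not been activated are exposed separately under `/roleManagement/directory/roleEligibilitySchedules`.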
