RoleAssignments via the rest api returns unauthoried on SharePoint On-line

Zdeněk Fridrichovský 1 Reputation point

I am using REST API to get roles on SharePoint. I am using "_api/Web/RoleAssignments". Problem is that it returns error message "Unauthorized". I tried add tenant permission to APP as described in this link

But it doesn't help.

Can you help me? What I have to do?

A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,558 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Jerryzy 10,561 Reputation points

    Hi @Zdeněk Fridrichovský ,

    If you are using SharePoint Hosted App to get the RoleAssignments in host web, please write code in App.Js like this:

    'use strict';  
    var hostweburl;  
    var appweburl;     
        // This code runs when the DOM is ready and creates a context object which is needed to use the SharePoint object model  
        $(document).ready(function () {  
            hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));  
            appweburl = decodeURIComponent(getQueryStringParameter("SPAppWebUrl"));    
            var scriptbase = hostweburl + "/_layouts/15/";  
            $.getScript(scriptbase + "SP.RequestExecutor.js", getRoleAssignments);  
    function getRoleAssignments() {  
        var executor = new SP.RequestExecutor(appweburl);  
        var FullURL = appweburl + "/_api/SP.AppContextSite(@target)/web/roleassignments?@target='" + hostweburl + "'";  
                url: FullURL,  
                method: "GET",  
                headers: {  
                    "accept": "application/json;odata=verbose",  
                    "content-type": "application/json;odata=verbose",  
                    "X-RequestDigest": $("#__REQUESTDIGEST").val()  
                success: onDataReturned,  
                error: errorHandler  
    function errorHandler(data, errorCode, errorMessage) {  
        console.log("Could not complete cross-domain call: " + errorMessage);  
    function onDataReturned(data) {  
    function getQueryStringParameter(paramToRetrieve) {  
        var params =  
        var strParams = "";  
        for (var i = 0; i < params.length; i = i + 1) {  
            var singleParam = params[i].split("=");  
            if (singleParam[0] == paramToRetrieve)  
                return singleParam[1];  

    In AppManifest.xml:

        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />  
        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />  
        <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />  

    Here is the response in Developer Tool:


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments