Get user roles for a customer

Get a list of all the roles/permissions attached to a user account. Variations include getting a list of all permissions across all user accounts for a customer, and getting a list of users that have a given role.

Prerequisites

  • Credentials as described in Partner Center authentication. This scenario supports authentication with App+User credentials only.

  • A customer ID (customer-tenant-id). If you don't know the customer's ID, you can look it up in Partner Center by selecting the Customers workspace, then the customer from the customer list, then Account. On the customer's Account page, look for the Microsoft ID in the Customer Account Info section. The Microsoft ID is the same as the customer ID (customer-tenant-id).

GDAP roles

You'll need at least one of the following GDAP roles:

  • Directory Reader
  • Global Reader
  • User Administrator
  • Privileged Role Administrator
  • Directory Writers

C#

To retrieve all the directory roles for a specified customer, first retrieve the specified customer ID. Then, use your IAggregatePartner.Customers collection and call the ById() method. Then call the DirectoryRoles property, followed by the Get() or GetAsync() method.

// string selectedCustomerId;
// IAggregatePartner partnerOperations;

var directoryRoles = partnerOperations.Customers.ById(selectedCustomerId).DirectoryRoles.Get();

Sample: Console test app. Project: Partner Center SDK Samples. Class: GetCustomerDirectoryRoles.cs

To retrieve a list of customer users that have a given role, first retrieve the specified customer ID and the directory role ID. Then, use your IAggregatePartner.Customers collection and call the ById() method. Then call the DirectoryRoles property, then the ById() method, then the UserMembers property, followed by the Get() or GetAsync() method.

// string selectedCustomerId;
// IAggregatePartner partnerOperations;
// string selectedDirectoryRoleId;

var userMembers = partnerOperations.Customers.ById(selectedCustomerId).DirectoryRoles.ById(selectedDirectoryRoleId).UserMembers.Get();

Sample: Console test app. Project: PartnerSDK.FeatureSamples. Class: GetCustomerDirectoryRoleUserMembers.cs

REST request

Request syntax

| Method | Request URI |
|--------|-------------|
| GET | {baseURL}/v1/customers/{customer-tenant-id}/users/{user-id}/directoryroles HTTP/1.1 |
| GET | {baseURL}/v1/customers/{customer-tenant-id}/directoryroles HTTP/1.1 |
| GET | {baseURL}/v1/customers/{customer-tenant-id}/directoryroles/{role-id}/usermembers HTTP/1.1 |

URI parameter

Use the following URI parameters to identify the customer, and where applicable the user or role.

| Name | Type | Required | Description |
|------|------|----------|-------------|
| customer-tenant-id | guid | Y | The value is a GUID-formatted customer-tenant-id that allows the reseller to filter the results for a given customer that belongs to the reseller. |
| user-id | guid | N | The value is a GUID-formatted user-id that belongs to a single user account. |
| role-id | guid | N | The value is a GUID-formatted role-id that belongs to a type of role. You can get these IDs by querying all the directory roles for a customer, across all user accounts (the second scenario above). |

Request headers

For more information, see Partner Center REST headers.

Request body

Request example

GET https://api.partnercenter.microsoft.com/v1/customers/<customer-tenant-id>/users/<user-id>/directoryroles HTTP/1.1
Authorization: Bearer <token>
Accept: application/json
MS-RequestId: b1317092-f087-471e-a637-f66523b2b94c
MS-CorrelationId: 8a53b025-d5be-4d98-ab20-229d1813de76

REST response

If successful, this method returns a list of the roles associated with the given user account.

Response success and error codes

Each response comes with an HTTP status code that indicates success or failure and additional debugging information. Use a network trace tool to read this code, error type, and additional parameters. For the full list, see Error Codes.

Response example

HTTP/1.1 200 OK
Content-Length: 31942
Content-Type: application/json
MS-CorrelationId: 8a53b025-d5be-4d98-ab20-229d1813de76
MS-RequestId: b1317092-f087-471e-a637-f66523b2b94c
Date: June 24 2016 22:00:25 PST

{
      "totalCount": 2,
      "items": [
        {
          "name": "Helpdesk Administrator",
          "id": "729827e3-9c14-49f7-bb1b-9608f156bbb8",
          "attributes": { "objectType": "DirectoryRole" }
        },
        {
          "name": "User Account Administrator",
          "id": "fe930be7-5e62-47db-91af-98c3a49a38b1",
          "attributes": { "objectType": "DirectoryRole" }
        }
      ],
      "attributes": { "objectType": "Collection" }
}
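The following is an added example, not part of the original documentation or the Partner Center SDK: it chains the second and third requests above to report which users hold a watched role, and validates every ID as a GUID before placing it in a URL path. The names guid, http_fetch, audit_roles and demo are hypothetical, the "id" field on usermembers items is an assumption (this page shows no usermembers response), and the tenant and user GUIDs are constructed.

```python
import json
import urllib.request
import uuid

BASE_URL = "https://api.partnercenter.microsoft.com"  # host from the request example

def guid(value):
    """Reject anything that is not a GUID before it is placed in a URL path."""
    return str(uuid.UUID(str(value)))

def http_fetch(token):
    """Return a fetch(url) callable that sends the headers shown in the request example."""
    def fetch(url):
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/json",
            "MS-RequestId": str(uuid.uuid4()),
            "MS-CorrelationId": str(uuid.uuid4()),
        })
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def audit_roles(fetch, customer_id, watched_roles):
    """Map each watched role name to the sorted IDs of the users holding it."""
    root = f"{BASE_URL}/v1/customers/{guid(customer_id)}/directoryroles"
    findings = {}
    for role in fetch(root).get("items", []):
        if role["name"] not in watched_roles:
            continue
        members = fetch(f"{root}/{guid(role['id'])}/usermembers")
        # Assumption: each usermembers item carries the user's "id".
        findings[role["name"]] = sorted(m["id"] for m in members.get("items", []))
    return findings

# Constructed sample responses: role IDs come from the response example, other IDs are made up.
CUSTOMER = "11111111-2222-3333-4444-555555555555"
ROOT = f"{BASE_URL}/v1/customers/{CUSTOMER}/directoryroles"
SAMPLE = {
    ROOT: {"totalCount": 2, "items": [
        {"name": "Helpdesk Administrator", "id": "729827e3-9c14-49f7-bb1b-9608f156bbb8"},
        {"name": "User Account Administrator", "id": "fe930be7-5e62-47db-91af-98c3a49a38b1"}]},
    ROOT + "/fe930be7-5e62-47db-91af-98c3a49a38b1/usermembers": {"totalCount": 2, "items": [
        {"id": "bbbbbbbb-0000-0000-0000-000000000002"},
        {"id": "aaaaaaaa-0000-0000-0000-000000000001"}]},
}

def demo():
    return audit_roles(SAMPLE.__getitem__, CUSTOMER, {"User Account Administrator"})
```

Against the live API, pass http_fetch(token) as the fetch argument in place of the constructed sample lookup.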