Get user roles for a customer
Get a list of all the roles/permissions attached to a user account. Variations include getting a list of all permissions across all user accounts for a customer, and getting a list of users that have a given role.
Prerequisites
- Credentials as described in Partner Center authentication. This scenario supports authentication with App+User credentials only.
- A customer ID (customer-tenant-id). If you don't know the customer's ID, you can look it up in Partner Center by selecting the Customers workspace, then the customer from the customer list, then Account. On the customer's Account page, look for the Microsoft ID in the Customer Account Info section. The Microsoft ID is the same as the customer ID (customer-tenant-id).
GDAP roles
You'll need at least one of the following GDAP roles:
- Directory Reader
- Global Reader
- User Administrator
- Privileged Role Administrator
- Directory Writers
C#
To retrieve all the directory roles for a specified customer, first retrieve the specified customer ID. Then, use your IAggregatePartner.Customers collection and call the ById() method. Then call the DirectoryRoles property, followed by the Get() or GetAsync() method.
```csharp
// string selectedCustomerId;
// IAggregatePartner partnerOperations;
var directoryRoles = partnerOperations.Customers.ById(selectedCustomerId).DirectoryRoles.Get();
```
Sample: Console test app. Project: Partner Center SDK Samples. Class: GetCustomerDirectoryRoles.cs
To retrieve a list of customer users that have a given role, first retrieve the specified customer ID and the directory role ID. Then, use your IAggregatePartner.Customers collection and call the ById() method. Then call the DirectoryRoles property, then the ById() method, then the UserMembers property, followed by the Get() or GetAsync() method.
```csharp
// string selectedCustomerId;
// IAggregatePartner partnerOperations;
// string selectedDirectoryRoleId;
var userMembers = partnerOperations.Customers.ById(selectedCustomerId).DirectoryRoles.ById(selectedDirectoryRoleId).UserMembers.Get();
```
Sample: Console test app. Project: PartnerSDK.FeatureSamples. Class: GetCustomerDirectoryRoleUserMembers.cs
REST request
Request syntax
Method | Request URI |
---|---|
GET | {baseURL}/v1/customers/{customer-tenant-id}/users/{user-id}/directoryroles HTTP/1.1 |
GET | {baseURL}/v1/customers/{customer-tenant-id}/directoryroles HTTP/1.1 |
GET | {baseURL}/v1/customers/{customer-tenant-id}/directoryroles/{role-id}/usermembers |
URI parameter
Use the following URI parameters to identify the customer, the user account, and the role.
Name | Type | Required | Description |
---|---|---|---|
customer-tenant-id | guid | Y | The value is a GUID-formatted customer-tenant-id that allows the reseller to filter the results for a given customer that belongs to the reseller. |
user-id | guid | N | The value is a GUID-formatted user-id that belongs to a single user account. |
role-id | guid | N | The value is a GUID-formatted role-id that belongs to a type of role. You can get these IDs by querying all the directory roles for a customer, across all user accounts (the second request listed above). |
Request headers
For more information, see Partner Center REST headers.
Request body
Request example
```http
GET https://api.partnercenter.microsoft.com/v1/customers/<customer-tenant-id>/users/<user-id>/directoryroles HTTP/1.1
Authorization: Bearer <token>
Accept: application/json
MS-RequestId: b1317092-f087-471e-a637-f66523b2b94c
MS-CorrelationId: aaaa0000-bb11-2222-33cc-444444dddddd
```
REST response
If successful, this method returns a list of the roles associated with the given user account.
Response success and error codes
Each response comes with an HTTP status code that indicates success or failure and additional debugging information. Use a network trace tool to read this code, error type, and additional parameters. For the full list, see Error Codes.
Response example
```http
HTTP/1.1 200 OK
Content-Length: 31942
Content-Type: application/json
MS-CorrelationId: aaaa0000-bb11-2222-33cc-444444dddddd
MS-RequestId: b1317092-f087-471e-a637-f66523b2b94c
Date: June 24 2016 22:00:25 PST

{
    "totalCount": 2,
    "items": [
        {
            "name": "Helpdesk Administrator",
            "id": "729827e3-9c14-49f7-bb1b-9608f156bbb8",
            "attributes": { "objectType": "DirectoryRole" }
        },
        {
            "name": "User Account Administrator",
            "id": "fe930be7-5e62-47db-91af-98c3a49a38b1",
            "attributes": { "objectType": "DirectoryRole" }
        }
    ],
    "attributes": { "objectType": "Collection" }
}
```
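The second and third requests above, combined into a per-customer access review that inverts role membership into a user-to-roles map. This is an added example, not code from the original page or the Partner Center SDK. Assumptions: `fetch` is a hypothetical callable standing in for the authenticated GET, the usermembers items are assumed to carry an `id` inside the same collection envelope, the customer and user IDs are constructed, and treating a `totalCount` mismatch as an error is this example's own choice.

```python
import uuid

BASE_URL = "https://api.partnercenter.microsoft.com"  # host from the request example

def _guid(value):
    # Reject anything that is not a GUID before it is placed in the URI path.
    return str(uuid.UUID(value))

def roles_uri(customer_id):
    return f"{BASE_URL}/v1/customers/{_guid(customer_id)}/directoryroles"

def role_members_uri(customer_id, role_id):
    return f"{roles_uri(customer_id)}/{_guid(role_id)}/usermembers"

def _items(collection):
    # Fail closed on a short response so the review never silently misses assignments.
    items = collection.get("items", [])
    if collection.get("totalCount") != len(items):
        raise ValueError("totalCount does not match the number of items returned")
    return items

def roles_by_user(customer_id, fetch):
    """Return {user id: sorted role names}; fetch (hypothetical) maps a URI to parsed JSON."""
    result = {}
    for role in _items(fetch(roles_uri(customer_id))):
        members = _items(fetch(role_members_uri(customer_id, role["id"])))
        for member in members:  # assumed shape: each member item carries an "id"
            result.setdefault(member["id"], []).append(role["name"])
    return {user: sorted(names) for user, names in result.items()}

# Constructed sample data; the role ids and names come from the response example.
CUSTOMER = "11111111-2222-3333-4444-555555555555"
HELPDESK = "729827e3-9c14-49f7-bb1b-9608f156bbb8"
USER_ADMIN = "fe930be7-5e62-47db-91af-98c3a49a38b1"
ALICE, BOB = "aaaaaaaa-0000-0000-0000-000000000001", "aaaaaaaa-0000-0000-0000-000000000002"

def _collection(items):
    return {"totalCount": len(items), "items": items}

SAMPLE = {
    roles_uri(CUSTOMER): _collection([
        {"name": "Helpdesk Administrator", "id": HELPDESK},
        {"name": "User Account Administrator", "id": USER_ADMIN}]),
    role_members_uri(CUSTOMER, HELPDESK): _collection([{"id": ALICE}, {"id": BOB}]),
    role_members_uri(CUSTOMER, USER_ADMIN): _collection([{"id": ALICE}]),
}

if __name__ == "__main__":
    print(roles_by_user(CUSTOMER, SAMPLE.__getitem__))
```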