API '500' Error when delegating admin access on MySite (OneDrive / Office365)

Question

I would value some advice as we are facing an issue with the where it returns 500 errors, when we request delegated administrative access to the Office 365 MySites Site Collection. 会返回500个错误，因此我们会遇到一些问题。

We have independent organizations, 'A' and 'B' , which both own their respectives Azure Active Directroy accounts and O365/Azure subscriptions. 我们有独立的组织“ A”和“ B”，它们各自拥有各自的Azure Active Directroy帐户和O365 / Azure订阅。 Organiation B wishes to utilise an application provide Organisation A which requires delegated administrative access to it's Office365 MySites Site Collection.

Organisation B successfully adds the app to their Active Directory Account by using the OAuth2 authorization process, granting the permissions that the application requires over their company active directory.

The final part is delegating access of an admin account in Organisation B to the Mysites site collection in Organisation B's Office 365 account. If we utilise the manual process via the administrative panel all works well, although programatically via the API we receive a '500' error.

We are using the following call to programmatically add the user as site collection administrator: (please note: I have used [ dummmy id's] below )

Endpoint URL:

https://<..org_a..>.my.sharepoint.com/personal/[[user_OrganisationA_com]]/_api/web/siteUsers/getByEmail(@u)?@u='[[info@_OrganisationA.com']] Method: POST

Body: {'__metadata':{ 'type': 'SP.User' }, 'IsSiteAdmin':'true'}

HTTP Headers:
•   "Content-Type": "application/json; odata=verbose"
•   "X-HTTP-Method": "MERGE"
•   "Authorization": "Bearer <OAuth2 token>"
•   "Accept": "application/json"

On the request above we are trying to add info@_organisationB.com as site collection administrator to UserC's personal site in One Drive for Business service (UserC is identified by the email UserC@_organisationB.com). The user info@_organisationB.com has Global Administrator privileges in Organisation B's Office365 domain and UserC@_organisationB.com) is a basic user with no admin rights.

The call returns a 500 HTTP Status code (Internal Server Error) and the following message:

 object(stdClass)[18]
 public 'odata.error' => 
 object(stdClass)[19]   
 public 'code' => string '-2146232832,     Microsoft.SharePoint.SPException' (length=45)
  public 'message' => 
    object(stdClass)[20]
      public 'lang' => string 'en-US' (length=5)
      public 'value' => string 'You need to be a site collection administrator to set this property.' (length=68)

To our knowledge an API call should never return a 500 HTTP Status Code (Internal Server Error), if we are not allowed to do what we intend it should provide an Insufficiente permissions message or similar, however, the fact that we can manually apply this through the SharePoint Online management portal makes us believe we are hitting a bug that is stopping us from achieving what we intend.

Any advise would be appreciated!

Answer 1

您是否在执行请求的网站上使用SSL？