"Update User" operation giving "Insufficient privileges to complete the operation.' error in Microsoft Graph API
Question
I am trying to create a Reset password page, that will take the new password of the logged in user to reset the password of the user in Azure AD. I have read the information given in the following page, for User Update API.
https://docs.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=cs
I have Directory.ReadWrite.All User.ReadWrite.All (delegated) and User.ReadWrite.All (Application) permissions in Azure AD configuration page. I had asked another query in SO for creating users through MS Graph API, in which I learned how to create an Access token. I am following the same procedure to get access token for calling "User Update API". In Postman I am passing the below value.
PATCH https://graph.microsoft.com/v1.0/users/principalname@blah.in
Content-type: application/json
Authorization: bearer TOKEN
{
"passwordProfile":
{
"forceChangePasswordNextSignIn":false,
"password": "XXXXXXXXX"
}
}
When I execute this I get the following error
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"request-id": "1ab4e11b-57e7-481f-9d93-296a3dece72c",
"date": "2019-05-10T05:13:19"
}
} }
I am unable to understand why I am getting this error because all permissions are given for the user.
I have gone through all the questions related to "Insufficient privileges to complete the operation" in SO before posting this question.
1 answers
solution1
2 ACCPTED 2019-05-10 06:03:37
Because when updating the passwordProfile property, youn need the Directory.AccessAsUser.All permission.
See: https://docs.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=cs
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.