Try decoding the access token via jwt.ms or similar tool and make sure the claims therein reflect the permissions. If using the Graph explorer tool, you can get the token via the Access token tab.
Not able to access Microsoft Graph reports apis though I have necessary permissions
Iam trying to access Azuread Report apis. But even though the user have Global Reader and Report Reader role
and he grant Report.read.all
scope Iam not able to access Reports api it is giving me Invalid permissions error.
API Endpoint: https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserDetail(period='D7')
Error: {"error":{"code":"UnknownError","message":"{\"error\":{\"code\":\"S2SUnauthorized\",\"message\":\"Invalid permission.\"}}","innerError":{"date":"2024-10-21T09:53:29","request-id":"464eb548-1530-4361-9362-009cd94039b4","client-request-id":"464eb548-1530-4361-9362-009cd94039b4"}}}
2 answers
Sort by: Most helpful
-
-
Yakun Huang-MSFT 5,490 Reputation points Microsoft Vendor
2024-10-22T02:15:30.6066667+00:00 Hello kalimuthu,
Thank you for reaching out to Microsoft Support!
First you need to make sure that the permissions granted are correct.
if you are using delegated permissions, you also need to grant the user the appropriate role, and use Auth code flow to get the token.
If application permissions are used, client credentials flow is required.
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.