Michael

Reputation: 1607

MS Graph api: access other users data

I am building a native application that uses Microsoft Graph.

I am using the OAuth2 authorization workflow to get the authorization code: https://login.microsoftonline.com/common/oauth2/authorize?resource=https://graph.microsoft.com&prompt=admin_consent

I would like my application to be able to read all messages in any user's mailbox (when an admin is logged in). I can read the mail of the signed-in user (the admin in this case) but not the other users (I get a 403 error). I have checked every single permission (delegated) in my app's Azure admin. When I grant access to the app in the browser, I get a huge list of permissions, including "Read and write user mail".

I have the same problem with mailboxSettings, even if the login page asks me to grant "Read and write user mailbox settings" permission (among many others). I'm using the following query value: prompt=admin_consent when requesting an authorization code.

Is there a way an admin can access all other users' info?

Thanks

Upvotes: 1

Views: 1867

Answers (1)

Venkat Ayyadevara - MSFT

Reputation: 2883

With Mail.Read permission, even if you are logged in as admin, you cannot read mail from another user's mailbox. With Mail.Read.Shared permission, if you have access to another user's mailbox, you will be able to sign in as yourself and read their mail.

Upvotes: 1
