Reputation: 1422
What is the GUID value for the User.Invite.All permission in graph.microsoft.com?
User.Invite.All guid = ?????
Graph Invitations Permissions Security Solution Below in Answers …
(the below list is now updated with the User.Invite.All guid)
-----------------------------------------------------
Microsoft Graph (API)
- resourceAppId 00000003-0000-0000-c000-000000000000
-----------------------------------------------------
User.ReadWrite.All
- 741f803b-c850-494e-b5df-cde7c675a1ca
Directory.ReadWrite.All (+)
- 19dbc75e-c2e2-444c-a770-ec69d8559fc7
User.Invite.All
- 09850681-111b-4a89-9bed-3f2cae46d706
-----------------------------------------------------
Windows Azure Active Directory (API)
- resourceAppId 00000002-0000-0000-c000-000000000000
-----------------------------------------------------
Directory.Read.All
- Read directory data
- 5778995a-e1bf-45b8-affa-663a9f3f4d04
Domain.ReadWrite.All (*)
- Read and write domains
- abefe9df-d5a9-41c6-a60b-27b38eac3efb
Directory.ReadWrite.All (+)
- Read and write directory data
- 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175
Device.ReadWrite.All
- Read and write devices
- 1138cb37-bd11-4084-a2b7-9f71582aeddb
Member.Read.Hidden
- Read all hidden memberships
- 9728c0c4-a06b-4e0e-8d1b-3d694e8ec207
Application.ReadWrite.OwnedBy
- Manage apps that this app creates or owns
- 824c81eb-e3f8-4ee6-8f6d-de7f50d565b7
Application.ReadWrite.All
- Read and write all applications
- 1cda74f2-2616-4834-b122-5cb1b07f8a59
Domain.ReadWrite.All (*)
- Read and write domains
- aaff0dfd-0295-48b6-a5cc-9f465bc87928
(*) Note these have the same name and description - two separate GUIDs within AD
(+) Notice the same scope name in two different resourceAppIds (Graph vs. AD)
The above list may be very useful to someone, as I was not able to find an include file or type def anywhere, which makes sense as you use the text name in scope calls.
Upvotes: 5
Views: 2367
Reputation: 1422
Invitation Manager Microsoft Graph Security Permissions – Critical Detail
The invitations “service” is part of Graph, not part of AD.
AD looks like it is part of Graph and Graph looks like it is part of AD, but they have different security setup contexts and scopes that happen to have the exact same permission names in some of the scopes.
If you are setting up an application in Azure that needs access to the Invitations API then make sure you add a specific reference to Graph in addition to the AD API reference that is created for you when you first create an application registration.
FYI: Invitations looks like it is part of the normal full v1.0 Graph and not beta only anymore.
- https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/invitation
- https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/invitation_post
- https://graph.microsoft.com/v1.0/invitations
- https://graph.microsoft.com/beta/invitations
Upvotes: 4
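An added example, not part of the original post: a small audit of an app registration's `requiredResourceAccess` entries that resolves each GUID against the list above and checks that User.Invite.All is declared under the Graph resource rather than the AD one. It assumes the usual manifest layout (`resourceAppId` plus a `resourceAccess` list of `id`/`type`); the three manifests and the `type` value are constructed sample input.

```python
GRAPH = "00000003-0000-0000-c000-000000000000"
AAD = "00000002-0000-0000-c000-000000000000"
RESOURCE_NAMES = {GRAPH: "Microsoft Graph", AAD: "Windows Azure Active Directory"}

# Keyed by (resourceAppId, permission id): the same permission name exists
# under both resources with different GUIDs. Values are from the list on this page.
KNOWN = {
    (GRAPH, "741f803b-c850-494e-b5df-cde7c675a1ca"): "User.ReadWrite.All",
    (GRAPH, "19dbc75e-c2e2-444c-a770-ec69d8559fc7"): "Directory.ReadWrite.All",
    (GRAPH, "09850681-111b-4a89-9bed-3f2cae46d706"): "User.Invite.All",
    (AAD, "5778995a-e1bf-45b8-affa-663a9f3f4d04"): "Directory.Read.All",
    (AAD, "78c8a3c8-a07e-4b9e-af1b-b5ccab50a175"): "Directory.ReadWrite.All",
}

def resolve(manifest):
    """Return (resource name, permission name or None, id) per declared entry."""
    out = []
    for res in manifest.get("requiredResourceAccess", []):
        rid = res.get("resourceAppId", "").lower()
        for acc in res.get("resourceAccess", []):
            pid = acc.get("id", "").lower()
            # None means the GUID is not known under *this* resource.
            out.append((RESOURCE_NAMES.get(rid, rid), KNOWN.get((rid, pid)), pid))
    return out

def can_request_invitations(manifest):
    """True only if User.Invite.All is declared under the Graph resource."""
    return any(r == "Microsoft Graph" and n == "User.Invite.All"
               for r, n, _ in resolve(manifest))

def entry(resource, *ids):
    # Constructed helper for sample input; "Role" is a sample value.
    return {"resourceAppId": resource,
            "resourceAccess": [{"id": i, "type": "Role"} for i in ids]}

INVITE = "09850681-111b-4a89-9bed-3f2cae46d706"
# Constructed manifests: AD reference only, AD plus Graph, and the Graph
# GUID filed under the AD resource by mistake.
AD_ONLY = {"requiredResourceAccess": [
    entry(AAD, "78c8a3c8-a07e-4b9e-af1b-b5ccab50a175")]}
WITH_GRAPH = {"requiredResourceAccess": AD_ONLY["requiredResourceAccess"]
              + [entry(GRAPH, INVITE)]}
MISFILED = {"requiredResourceAccess": [entry(AAD, INVITE)]}

if __name__ == "__main__":
    for name, m in [("AD only", AD_ONLY), ("AD + Graph", WITH_GRAPH),
                    ("misfiled", MISFILED)]:
        print(name, can_request_invitations(m), resolve(m))
```

An entry that resolves to `None` is either a permission missing from the table or a GUID filed under the wrong resource, and is worth a manual look before consent is granted.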