Forum Discussion
Permissions to extract SignInActivity from MS Graph
Hi,
I'm trying to extract SignInActivity from MS Graph but am receiving an error.
Query:
https://graph.microsoft.com/beta/users?$select=UserType,UserPrincipalName,DisplayName,SignInActivity
Generates error:
{
"error": {
"code": "Authentication_RequestFromUnsupportedUserRole",
"message": "User is not in the allowed roles",
"innerError": {
"date": "2021-03-08T15:00:42",
"request-id": "[hidden]",
"client-request-id": "[hidden]"
}
}
}
BTW, this works (excluding SignInActivity)
https://graph.microsoft.com/beta/users?$select=UserType,UserPrincipalName,DisplayName,SignInActivity
Permissions consented (among others):
AuditLog.Read.All
Directory.AccessAsUser.All
Directory.Read.All
Organization.Read.All
User.Read
User.Read.All
User.ReadBasic.All
User.ReadWrite
User.ReadWrite.All
Which permission/role is missing?
Thanks,
Thomas
5 Replies
SignInActivity is not working even though we have Azure Premium 2 in our tenant. I have "AuditLog.Read.All" and uisng application permissions https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName,signInActivity
What do you think i am missing
- You need to add the Directory.Read.All to the app as well
- correct
- For anyone interested, here's the solution.
Adding the "Global reader" role did the job (in addition I have the "User administrator" role). - Hi
AuditLog.Read.All should be the permission needed for SigninActivity.
But the error states unsupported user role, what role does the user account you are trying with have? The documentation states you don't need a specific role, but that's the first thing I would try...
