idoron_varonis
Dec 16, 2024, Copper Contributor
Retrieving information about the SiteUserInfoList using REST API results in a 403 error
I tried to send the following GET request, authenticated as an administrator:
https://<tenant-domain>.sharepoint.com/<site_path>/_api/web/lists?$select=Author,BaseTemplate,BaseType,Created,DefaultViewUrl,Id,LastItemModifiedDate,Title,DefaultView/ServerRelativeUrl,HasUniqueRoleAssignments,RootFolder/ServerRelativeUrl,RoleAssignments/Member/Id,RoleAssignments/Member/LoginName,RoleAssignments/RoleDefinitionBindings&$expand=Author,DefaultView,RootFolder,RoleAssignments/Member,RoleAssignments/RoleDefinitionBindings
I got a 403 status code, with the error: "Due to organizational policies, you can't access this resource."
To investigate the source of the problem, I tested the following request, which returned a valid output:
https://<tenant-domain>.sharepoint.com/<site_path>/_api/web/lists
I then iterated over the lists in the response, and for each such list I sent a request to get its data. All the requests returned a valid response, except one: SiteUserInfoList. When I tried to get information about this list, I got the same error mentioned above.
I Googled it and discovered this is a hidden list, maintained by SharePoint to store and manage user information profiles for authenticated users at the site collection level.
I have a few questions:
- As an administrator, does it make sense that I am forbidden from retrieving information about the SiteUserInfoList?
- Was the SiteUserInfoList always part of the lists shown in the _api/web/lists response? Or was it added recently?
- Is there a workaround I can apply to make this request work?
https://<tenant-domain>.sharepoint.com/<site_path>/_api/web/lists?$select=Author,BaseTemplate,BaseType,Created,DefaultViewUrl,Id,LastItemModifiedDate,Title,DefaultView/ServerRelativeUrl,HasUniqueRoleAssignments,RootFolder/ServerRelativeUrl,RoleAssignments/Member/Id,RoleAssignments/Member/LoginName,RoleAssignments/RoleDefinitionBindings&$expand=Author,DefaultView,RootFolder,RoleAssignments/Member,RoleAssignments/RoleDefinitionBindings
- idoron_varonis (Copper Contributor)
Yes, it does. Do you know what could be the issue?
- idoron_varonis (Copper Contributor)
I want to add another detail.
If I send the request using a registered application's Bearer token, it fails with 403. (The application is granted all the permissions related to SharePoint.)
However, if I log in from the browser, using the tenant administrator, I am able to send the request from the browser and get a valid response.
How could it be?
- michalkornet (Iron Contributor)
Hi idoron_varonis, regarding your questions, I have an idea for point #3. Could you check if the request works when you add a filter statement? _api/web/lists?$filter=Title ne 'User Information List'
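An added example, not code from any participant in this thread: it automates the per-list isolation described in the original post and builds the `$filter` form of the request suggested in the reply, without asserting that the filter avoids the 403. The `http_get` transport, the `fake_get` stand-in, the sample list data and the `contoso.example` site URL are assumptions made for illustration.

```python
from urllib.parse import quote

# $select/$expand copied from the request in the original post.
SELECT = ("Author,BaseTemplate,BaseType,Created,DefaultViewUrl,Id,LastItemModifiedDate,Title,"
          "DefaultView/ServerRelativeUrl,HasUniqueRoleAssignments,RootFolder/ServerRelativeUrl,"
          "RoleAssignments/Member/Id,RoleAssignments/Member/LoginName,"
          "RoleAssignments/RoleDefinitionBindings")
EXPAND = "Author,DefaultView,RootFolder,RoleAssignments/Member,RoleAssignments/RoleDefinitionBindings"


def lists_url(site, exclude_titles=()):
    """Full query over all lists, optionally excluding lists by Title via $filter."""
    url = f"{site.rstrip('/')}/_api/web/lists?$select={SELECT}&$expand={EXPAND}"
    if exclude_titles:
        # OData string literals escape a single quote by doubling it.
        clause = " and ".join("Title ne '%s'" % t.replace("'", "''") for t in exclude_titles)
        url += "&$filter=" + quote(clause, safe="'")
    return url


def find_denied_lists(site, http_get):
    """Query each list on its own and return the titles that answer 403.

    http_get(url) -> (status_code, parsed_json) is a caller-supplied transport
    (hypothetical helper) that already attaches the token or session cookies.
    """
    base = site.rstrip("/")
    status, body = http_get(f"{base}/_api/web/lists")
    if status != 200:
        raise RuntimeError(f"list enumeration failed: HTTP {status}")
    denied = []
    for item in body["value"]:  # assumes Accept: application/json;odata=nometadata
        url = f"{base}/_api/web/lists(guid'{item['Id']}')?$select={SELECT}&$expand={EXPAND}"
        if http_get(url)[0] == 403:
            denied.append(item["Title"])
    return denied


# Constructed stand-in for a tenant: two lists, one of which rejects the expanded query.
FAKE_LISTS = [{"Id": "11111111-1111-1111-1111-111111111111", "Title": "Documents"},
              {"Id": "22222222-2222-2222-2222-222222222222", "Title": "User Information List"}]


def fake_get(url):
    if url.endswith("/_api/web/lists"):
        return 200, {"value": FAKE_LISTS}
    return (403, {}) if "22222222" in url else (200, {})


if __name__ == "__main__":
    site = "https://contoso.example/sites/demo"  # placeholder site URL
    denied = find_denied_lists(site, fake_get)
    print(denied, lists_url(site, denied), sep="\n")
```

Running the same function once with the app-only token transport and once with a delegated user session shows whether the set of denied lists differs between the two identities.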