Forum Discussion

vsehgal's avatar
vsehgal
Copper Contributor
Feb 28, 2024

Authorization_RequestDenied

Hi team, 


We are currently trying to get user 
email address removed for privacy reasons through the https://graph.microsoft.com/v1.0/users/email address removed for privacy reasons

 

We get the below error: (Forbidden:Authorization_RequestDenied) Insufficient privileges to complete the operation. Date: 2024-02-28T15:26:23. Request Id: ce9dca50-7dba-44d4-be95-e5a4d14aada0. Client Request Id: ce9dca50-7dba-44d4-be95-e5a4d14aada0.

 

We have granted the access policy to this user and we do have the correct scopes. Could you look at the logs and let us know what might be the issue here?

 

Thanks,

Vakul

  • vsehgal - The error message indicates that the operation is being denied due to insufficient privileges. This means that the access token being used does not have the required permission scope to access the user's email address. You need to ensure that the access token has the necessary permission scope to read the user's profile information. In this case, you need to include the User.Read permission scope when requesting the access token.

    Ref: Get a user - Microsoft Graph v1.0 | Microsoft Learn

     

     

    Thanks, 

    Prasad Das

    ------------------------------------------------------------------------------------------ 

    If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate. 

    • vsehgal's avatar
      vsehgal
      Copper Contributor
      HI Prasad,

      I can confirm that the User.Read scope is added to the application as well as the scope is being passed while making the authorization request.

Resources