Forum Discussion

aavci's avatar
aavci
Copper Contributor
Jul 18, 2021

Is it possible to get information about a user's permissions level or detect who installed your app?

Is it possible to use the Graph API to learn any of the following?

  • What the user type is. e.g. member vs guest
  • Whether they are an admin of the organization
  • Whether they were the one who installed your app that is hosted in MS Teams.

 

The endpoint that currently returns the user's information doesn't have any of this: https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http

  • aavci 

    1. To get if an user is Guest User or not , you can use below Microsoft Graph API endpoint:
      https://graph.microsoft.com/v1.0/users?$filter=userType eq 'Guest'
      Ensure at least any of the below permission scope is consented:
      User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All,Directory.ReadWrite.All,Directory.AccessAsUser.All.
      Under the response, you will get all the Guest Users added to your tenant.

    2.  To check if an user is Admin or not, You can use GET https://graph.microsoft.com/v1.0/me/memberOf and will get following object in the response:
      {
        "@odata.type": "#microsoft.graph.directoryRole",
        "id": "0ad7a218-f48f-4236-b4e5-7a6b85742146",
        "deletedDateTime": null,
        "description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
        "displayName": "Global Administrator",
        "roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"
      }

    In the above response, the company administrator means tenant administrator.
    If you want to use roleTemplateId-value to check, you can use GET https://graph.microsoft.com/v1.0/directoryRoleTemplates/{roleTemplatedID-value}", and  you will get the response like this:

    {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryRoleTemplates/$entity",
        "id": "62e90394-69f5-4237-9190-012177145e10",
        "deletedDateTime": null,
        "description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
        "displayName": "Global Administrator"
    }

    In the response, the company administrator means the global administrator.

    3. You can follow this link to get details of installed apps in Microsoft Teams.


    Thanks,

    Prasad Das

    --------------------------------------------------------------------------------------------------------------------------------------------

    If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link. Click here to escalate.