Is it possible to get information about a user's permissions level or detect who installed your app?


Is it possible to use the Graph API to learn any of the following?

  • What the user type is. e.g. member vs guest
  • Whether they are an admin of the organization
  • Whether they were the one who installed your app that is hosted in MS Teams.

 

The endpoint that currently returns the user's information doesn't have any of this: https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http

1 Reply

@aavci 

  1. To check whether a user is a Guest User or not, you can use the below Microsoft Graph API endpoint:
    https://graph.microsoft.com/v1.0/users?$filter=userType eq 'Guest'
    Ensure at least one of the below permission scopes is consented:
    User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All.
    In the response, you will get all the Guest Users added to your tenant.

  2. To check if a user is an Admin or not, you can use GET https://graph.microsoft.com/v1.0/me/memberOf and you will get the following object in the response:
    {
      "@odata.type": "#microsoft.graph.directoryRole",
      "id": "0ad7a218-f48f-4236-b4e5-7a6b85742146",
      "deletedDateTime": null,
      "description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
      "displayName": "Global Administrator",
      "roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"
    }

In the above response, the company administrator means tenant administrator.
If you want to use roleTemplateId-value to check, you can use GET https://graph.microsoft.com/v1.0/directoryRoleTemplates/{roleTemplateId-value}, and you will get a response like this:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryRoleTemplates/$entity",
    "id": "62e90394-69f5-4237-9190-012177145e10",
    "deletedDateTime": null,
    "description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
    "displayName": "Global Administrator"
}

In the response, the company administrator means the global administrator.

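3. You can follow this link to get details of installed apps in Microsoft Teams: https://docs.microsoft.com/en-us/graph/api/team-list-installedapps?view=graph-rest-1.0&tabs=http#example-2-get-the-names-and-other-details-of-installed-apps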


Thanks,

Prasad Das
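
The admin check from point 2, as an added example that is not part of the original reply and not Microsoft's code: it follows `@odata.nextLink` paging on `memberOf`, keeps only `directoryRole` objects, and matches on `roleTemplateId` (the same in every tenant) rather than on `displayName` or the tenant-specific `id`. The `fetch` callable, the sample pages and the group id are assumptions constructed for the example; in a real app `fetch` would be an authenticated GET returning decoded JSON.

```python
# Role template id for Global Administrator, taken from the reply above.
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"
ROLE_TYPE = "#microsoft.graph.directoryRole"
MEMBER_OF_URL = "https://graph.microsoft.com/v1.0/me/memberOf"


def iter_member_of(fetch, url=MEMBER_OF_URL):
    """Yield every object in the memberOf result, following @odata.nextLink."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")


def held_role_templates(objects):
    """Collect roleTemplateId values from directoryRole entries only."""
    return {
        obj["roleTemplateId"].lower()
        for obj in objects
        if obj.get("@odata.type") == ROLE_TYPE and obj.get("roleTemplateId")
    }


def is_global_admin(fetch):
    """fetch(url) -> decoded JSON; hypothetical caller-supplied authenticated GET."""
    return GLOBAL_ADMIN_TEMPLATE_ID in held_role_templates(iter_member_of(fetch))


# Constructed sample pages (not real tenant data). Page 1 holds a group whose
# displayName imitates the role; page 2 holds the actual directoryRole object.
PAGE_2_URL = MEMBER_OF_URL + "?$skiptoken=constructed"
SAMPLE_PAGES = {
    MEMBER_OF_URL: {
        "@odata.nextLink": PAGE_2_URL,
        "value": [{"@odata.type": "#microsoft.graph.group",
                   "id": "00000000-0000-0000-0000-000000000001",
                   "displayName": "Global Administrator"}],
    },
    PAGE_2_URL: {
        "value": [{"@odata.type": ROLE_TYPE,
                   "id": "0ad7a218-f48f-4236-b4e5-7a6b85742146",
                   "displayName": "Global Administrator",
                   "roleTemplateId": GLOBAL_ADMIN_TEMPLATE_ID}],
    },
}

if __name__ == "__main__":
    print(is_global_admin(SAMPLE_PAGES.__getitem__))
```

Run this check on the server side with a token your backend validated; a role flag computed in the client can be altered before it reaches you.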
