User.ReadBasic.All Application Permission for App Registration?
Closed this issue · 4 comments
Hi Yvan,
It recently came to my attention that Microsoft added User.ReadBasic.All Graph Permission to Application Permissions.
Will the Permission User.ReadBasic.All be supported by EntraCP or is there a specific reason why User.Read.All has to be used?
Kind regards,
Claudio
Hi @Kinumikao, thank you very much for raising this, I was not aware about this permission.
I will be more than happy to use User.ReadBasic.All instead of User.Read.All if it does not cause side effects, I will test it asap and let you know here.
Hi @Kinumikao, finally I tested the permission User.ReadBasic.All. Unfortunately, it cannot replace User.Read.All because it denies critical requests such as the one below:
/users?$count=true&$filter=( (startswith(UserPrincipalName, 'testEntraCPUser_001') and UserType eq 'Member') or (startswith(Mail, 'testEntraCPUser_001') and UserType eq 'Guest') ) or startswith(DisplayName, 'testEntraCPUser_001') or startswith(GivenName, 'testEntraCPUser_001') or startswith(Surname, 'testEntraCPUser_001') or startswith(Mail, 'testEntraCPUser_001')&$select=Id,UserType,Mail,UserPrincipalName,DisplayName,GivenName,Surname,Mail,DisplayName,Mail,MobilePhone,JobTitle,Department,OfficeLocation&$top=30
I did not test further, but my guess is that getting the property UserType is rejected with permission User.ReadBasic.All
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 5 days with no activity.