0 Votes
59922717 asked saldana-msft edited

Best way to get a list of ServicePrincipals that a specific User has AppRoleAssignments on?

I am trying to accomplish the task described in the title.
From what I could gather so far, the only way to do this seems to be to first retrieve the appRoleAssignments for the user via

/users/${user-id}/appRoleAssignments

and then make a separate call for every unique resourceId like so

/servicePrincipals/${resource-id}

but this strikes me as a very suboptimal way to go about this...
Am I correct in my assumption that this is the only way?


I have considered that it might be possible to formulate a filter query along the lines of this pseudo query

/servicePrincipals?$filter=where any appRolesAssignedTo has principalId equal to ${user-id}

but if it is, I couldn't figure out how to do it.















1 Answer

1 Vote
SrinivasaRaoDarnaMSFT-7657 answered 59922717 commented

Hi @JonasSeilerWave-2262,

I tried to reproduce this case and can use $expand in combination with $filter; see below.
But $filter is not getting honored in this $expand appRoleAssignedTo API call. I also observed that $select is not getting honored in $expand appRoleAssignedTo either.

 /servicePrincipals?$expand=appRoleAssignedTo($filter=principalId eq {user-id})

Source:
serviceprincipal-relationships
query-parameters-$expand

Hope this helps.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".


Is it perhaps possible to run a filter query on the property of the expanded relationship like so

/servicePrincipals?expand=appRoleAssignedTo&$filter=appRoleAssignedTo/any(var:var/principalId eq ${user-id})

or something similar? This specific request didn't work for me but maybe something like this is not generally impossible.








0 Votes
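
The two-step lookup described in the question, as an added example (not code from this thread or from Microsoft): it pages through the user's appRoleAssignments, de-duplicates the resourceId values, and reads the service principals through Graph JSON batching (`POST /$batch`) rather than one request per id. `call` is a hypothetical transport that returns parsed JSON, and `fake_graph` with its ids is constructed sample data so the block runs offline.

```python
BATCH_LIMIT = 20  # Graph JSON batching takes at most 20 requests per $batch call

def assigned_resource_ids(call, user_id):
    """Page through the user's appRoleAssignments; return distinct resourceIds."""
    url, ids = f"/users/{user_id}/appRoleAssignments", []
    while url:
        page = call("GET", url, None)
        for assignment in page.get("value", []):
            if assignment["resourceId"] not in ids:  # several roles on one app
                ids.append(assignment["resourceId"])
        # Absent on the last page; real Graph returns an absolute URL here,
        # which the transport must accept.
        url = page.get("@odata.nextLink")
    return ids

def service_principals_for_user(call, user_id):
    """Return ({resourceId: servicePrincipal}, [resourceIds that failed])."""
    ids, found, failed = assigned_resource_ids(call, user_id), {}, []
    for i in range(0, len(ids), BATCH_LIMIT):
        batch = [{"id": rid, "method": "GET",
                  "url": f"/servicePrincipals/{rid}?$select=id,appId,displayName"}
                 for rid in ids[i:i + BATCH_LIMIT]]
        # Responses may arrive in any order, so correlate on the request id.
        for resp in call("POST", "/$batch", {"requests": batch})["responses"]:
            if resp["status"] == 200:
                found[resp["id"]] = resp["body"]
            else:
                failed.append(resp["id"])  # e.g. 404 (deleted) or 429 (throttled)
    return found, failed

def fake_graph(method, url, body):
    """Constructed stand-in for Microsoft Graph (hypothetical ids and names)."""
    if method == "POST" and url == "/$batch":
        return {"responses": [
            {"id": r["id"], "status": 404, "body": {}} if r["id"] == "sp-gone" else
            {"id": r["id"], "status": 200,
             "body": {"id": r["id"], "displayName": r["id"].upper()}}
            for r in reversed(body["requests"])]}
    if url.endswith("$skiptoken=p2"):
        return {"value": [{"resourceId": "sp-a"}, {"resourceId": "sp-gone"}]}
    return {"value": [{"resourceId": "sp-a"}, {"resourceId": "sp-b"}],
            "@odata.nextLink": "/users/u1/appRoleAssignments?$skiptoken=p2"}

if __name__ == "__main__":
    print(service_principals_for_user(fake_graph, "u1"))
```

Ids returned in `failed` are worth a retry or a log entry: an assignment that points at a service principal which can no longer be read is itself a finding in an access review.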