user: getMemberObjects
- 2 minutes to read
-
Contributors
Return all of the groups, directory roles and administrative units that the user is a member of. The check is transitive.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | Directory.Read.All, Directory.ReadWrite.All |
HTTP request
POST /users/{id | userPrincipalName}/getMemberObjects
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. |
| Content-Type | application/json |
Request body
In the request body, provide a JSON object with the following parameters.
| Parameter | Type | Description |
|---|---|---|
| securityEnabledOnly | Boolean | true to specify that only security groups that the user is a member of should be returned; false to specify that all groups and directory roles that the user is a member of should be returned. Note: Setting this parameter to true is only supported when calling this method on a user. |
Response
If successful, this method returns 200 OK response code and String collection in the response body that contains the IDs of the groups and directory roles that the user is a member of.
Example
Here is an example of how to call this API.
Request
Here is an example of the request.
POST https://graph.microsoft.com/v1.0/me/getMemberObjects
Content-type: application/json
Content-length: 33
{
"securityEnabledOnly": true
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-type: application/json
Content-length: 39
{
"value": [
"string-value"
]
}