Get user roles for a customer

Applies To

  • Partner Center

Get a list of all the roles/permissions attached to a user account. Variations include getting a list of all permissions across all user accounts for a customer, and getting a list of users that have a given role.

Prerequisites

  • Credentials as described in Partner Center authentication. This scenario supports authentication with App+User credentials only.
  • A customer ID (customer-tenant-id). If you do not have a customer's ID, you can look up the ID in Partner Center by choosing the customer from the customers list, selecting Account, then saving their Microsoft ID.

C#

To retrieve all the directory roles for a specified customer, first retrieve the specified customer ID. Then, use your IAggregatePartner.Customers collection and call the ById() method. Then call the DirectoryRoles property, followed by the Get() or GetAsync()method.

// string selectedCustomerId;
// IAggregatePartner partnerOperations;

var directoryRoles = partnerOperations.Customers.ById(selectedCustomerId).DirectoryRoles.Get();

Sample: Console test app. Project: Partner Center SDK Samples Class: GetCustomerDirectoryRoles.cs

To retrieve a list of customer users that have a given role, first retrieve the specified customer ID and the directory role ID. Then, use your IAggregatePartner.Customers collection and call the ById() method. Then call the DirectoryRoles property, then ById() method, then the UserMembers property, the followed by the Get() or GetAsync()method.

// string selectedCustomerId;
// IAggregatePartner partnerOperations;
// string selectedDirectoryRoleId;

var userMembers = partnerOperations.Customers.ById(selectedCustomerId).DirectoryRoles.ById(selectedDirectoryRoleId).UserMembers.Get();

Sample: Console test app. Project: PartnerSDK.FeatureSamples Class: GetCustomerDirectoryRoleUserMembers.cs

REST Request

Request syntax

Method Request URI
GET {baseURL}/v1/customers/{customer-tenant-id}/users/{user-id}/directoryroles HTTP/1.1
GET {baseURL}/v1/customers/{customer-tenant-id}/directoryroles HTTP/1.1
GET {baseURL}/v1/customers/{customer-tenant-id}/directoryroles/{role-ID}/usermembers

URI parameter

Use the following query parameter to identify the correct customer.

Name Type Required Description
customer-tenant-id guid Y The value is a GUID formatted customer-tenant-id that allows the reseller to filter the results for a given customer that belongs to the reseller.
user-id guid N The value is a GUID formatted user-id that belongs to a single user account.
role-id guid N The value is a GUID formatted role-id that belongs to a type of role. You can get these ids by querying all the directory roles for a customer, across all user accounts. (The second scenario, above).

Request headers

  • See Headers for more information.

Request body

Request example

GET https://api.partnercenter.microsoft.com/v1/customers/<customer-tenant-id>/users/<user-id>/directoryroles HTTP/1.1
Authorization: Bearer <token>
Accept: application/json
MS-RequestId: b1317092-f087-471e-a637-f66523b2b94c
MS-CorrelationId: 8a53b025-d5be-4d98-ab20-229d1813de76

REST Response

If successful, this method returns a list of the roles associated with the given user account.

Response success and error codes

Each response comes with an HTTP status code that indicates success or failure and additional debugging information. Use a network trace tool to read this code, error type, and additional parameters. For the full list, see Error Codes.

Response example

HTTP/1.1 200 OK
Content-Length: 31942
Content-Type: application/json
MS-CorrelationId: 8a53b025-d5be-4d98-ab20-229d1813de76
MS-RequestId: b1317092-f087-471e-a637-f66523b2b94c
Date: June 24 2016 22:00:25 PST

{
      "totalCount": 2,
      "items": [
        {
          "name": "Helpdesk Administrator",
          "id": "729827e3-9c14-49f7-bb1b-9608f156bbb8",
          "attributes": { "objectType": "DirectoryRole" }
        },
        {
          "name": "User Account Administrator",
          "id": "fe930be7-5e62-47db-91af-98c3a49a38b1",
          "attributes": { "objectType": "DirectoryRole" }
        }
      ],
      "attributes": { "objectType": "Collection" }
}