-1

We have an application in a production environment. Today we found an issue: updating the "othermails" attribute of a user through the Graph API returns an insufficient privilege error. It was working a couple of days back. We are using the client credential flow to get an access token from Azure.

While troubleshooting I found out that if the directory role "Global administrator" is assigned to the application admin user, then the application admin user can update the othermails attribute. But a couple of days back it was working fine without the "Global administrator" role. We cannot give the "Global administrator" directory role to all application admins; it was a restriction imposed by our client.

Now, my question is: why was it working earlier and now not? Did Microsoft change the directory role definition or something?

Tony Ju
Umer Qureshi
  • Can you please describe what you mean by "application admin user"? – Philippe Signoret May 03 '19 at 21:54
  • @PhilippeSignoret it's a user in our application called "admin user". This user has two directory roles in Azure: "User Administration and Cloud Administration". This user has special roles in our application to update other users' info. – Umer Qureshi May 06 '19 at 06:35

1 Answer

1

It seems you have encountered insufficient privileges while updating a user profile.

Did Microsoft change the directory role definition or something?

No, Microsoft has not changed any previous role definition so far.

In your case, to update a user profile you need to have the following permission:

enter image description here

Note: Once you have the above permission you can update the user profile. You could also take a look here

Md Farid Uddin Kiron
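One way to see which Graph permissions an access token actually carries when debugging an "insufficient privileges" response (an added example, not part of the original answer): a client-credentials token lists application permissions in its `roles` claim, while a delegated user token lists them in `scp`. The sample tokens are constructed, and `User.ReadWrite.All` is an assumed required permission used for illustration because the page does not name one.

```python
import base64
import json


def decode_claims(jwt: str) -> dict:
    """Return a JWT's payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(claims: dict) -> dict:
    """Classify the token and list the permissions it carries."""
    roles = claims.get("roles") or []            # application permissions (app-only token)
    scopes = (claims.get("scp") or "").split()   # delegated permissions (user token)
    kind = "delegated" if scopes else ("app-only" if roles else "none")
    return {"kind": kind, "permissions": sorted(set(roles) | set(scopes))}


def missing_permissions(jwt: str, required: set) -> set:
    """Permissions in `required` that the token does not carry."""
    have = granted_permissions(decode_claims(jwt))["permissions"]
    return set(required) - set(have)


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f'{enc({"typ": "JWT", "alg": "RS256"})}.{enc(claims)}.constructed-signature'


# Constructed samples: an app-only token with read-only access, and a delegated token.
APP_ONLY_TOKEN = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})
DELEGATED_TOKEN = make_sample_token(
    {"aud": "https://graph.microsoft.com", "scp": "User.ReadWrite.All Directory.Read.All"})

REQUIRED = {"User.ReadWrite.All"}  # assumption for illustration, not taken from the page

if __name__ == "__main__":
    for name, tok in (("app-only", APP_ONLY_TOKEN), ("delegated", DELEGATED_TOKEN)):
        info = granted_permissions(decode_claims(tok))
        print(name, info, "missing:", sorted(missing_permissions(tok, REQUIRED)))
```

If the token is app-only, directory roles assigned to a user are not part of it; only the application permissions consented for the app registration appear in `roles`.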