I'm using MS Graph APIs to manage users in my B2C directory. I'm able to create/update the users but I cannot delete a user. I get this error message "Insufficient privileges to complete the operation". I have made sure the client app has "Directory.ReadWrite.All" API permissions.

I don't know what else I'm missing here. There are a couple of other threads that mention adding the "Company Administrator" (does not exist anymore) or "User Administrator" role to the service principal associated with my app registration. My client app runs as a background application. How can I access the service principal associated with my app registration?

Following is the code snippet

await graphClientB2C.Users[b2cUserId].Request().DeleteAsync();
Vivek N

1 Answer

Directory.ReadWrite.All permission scope grants the following privileges:

• Full read of all directory objects (both declared properties and navigation properties)

• Create and update users

• Disable and enable users (but not company administrator)

• Set user alternative security id (but not administrators)

• Create and update groups

• Manage group memberships

• Update group owner

• Manage license assignments

• Define schema extensions on applications

• Allows password to be set when creating a user.

• Note: No rights to reset user passwords

• Note: No rights to read user passwords

• Note: No rights to delete entities (including users or groups)

• Note: Specifically excludes create or update for entities not listed above. This includes: Application, Oauth2PermissionGrant, AppRoleAssignment, Device, ServicePrincipal, TenantDetail, domains, etc.

With this, you cannot delete the user through the Graph API. Make sure to have the User.ReadWrite.All permission (for permission type Application), grant admin consent, and then try to delete. See: Delete a user

JayakrishnaGunnam-MT
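A diagnostic for the permission gap described in the answer above, added here as an example and not code from either post: it decodes the `roles` claim of an app-only access token, where granted application permissions are listed, and reports whether User.ReadWrite.All is present. The class and method names are hypothetical, the tokens are constructed samples, and it assumes a token obtained by the background app through the client credentials flow.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class GraphTokenCheck
{
    // Decode the payload segment of a compact JWT. Diagnostic use only:
    // the signature is NOT validated here.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // App-only tokens carry consented application permissions in "roles".
    public static string[] GrantedAppRoles(string jwt)
    {
        JsonElement payload = DecodePayload(jwt);
        if (!payload.TryGetProperty("roles", out JsonElement roles)
            || roles.ValueKind != JsonValueKind.Array)
            return Array.Empty<string>();
        return roles.EnumerateArray().Select(r => r.GetString() ?? "").ToArray();
    }

    // Per the answer above: Directory.ReadWrite.All alone cannot delete users.
    public static bool CanDeleteUsers(string jwt) =>
        GrantedAppRoles(jwt).Contains("User.ReadWrite.All", StringComparer.OrdinalIgnoreCase);

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample tokens with a fake header and signature.
        string Make(string payload) =>
            B64Url("{\"alg\":\"none\"}") + "." + B64Url(payload) + ".sig";
        string before = Make("{\"roles\":[\"Directory.ReadWrite.All\"]}");
        string after = Make("{\"roles\":[\"Directory.ReadWrite.All\",\"User.ReadWrite.All\"]}");
        foreach (string token in new[] { before, after })
            Console.WriteLine(string.Join(",", GrantedAppRoles(token))
                + " -> delete allowed: " + CanDeleteUsers(token));
    }
}
```

If User.ReadWrite.All is missing from `roles` after it was added in the portal, admin consent has not been granted or the app is still using a token issued before the change.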