I want to fetch custom security attributes of user using Graph API
I am trying to get the Custom Security attributes of a user using graph API. I am calling the following graph API end point https://graph.microsoft.com/v1.0/me?$select=customSecurityAttributes the result we are getting is
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#users(customSecurityAttributes)/$entity",
"id": "aa76f0c6-d534-46ea-8dc0-48c917567dce",
"customSecurityAttributes": null
}
I already have access token that contains the following scope -
CustomSecAttributeAssignment.Read.All CustomSecAttributeDefinition.Read.All Directory.Read.All email offline_access openid Presence.Read.All Presence.ReadWrite profile TeamworkTag.Read User.Read User.Read.All User.ReadBasic.All
Please guide me what else needs to be done or what I am doing wrong here.
I have one user with below custom security attributes in Azure Portal:
Initially, I too got null value when the signed-in user does not have required role to fetch custom security attributes:
GET https://graph.microsoft.com/v1.0/me?$select=id,customSecurityAttributes
Response:
To fetch these custom security attributes details via Graph API, the signed-in user must be assigned with "Attribute Assignment Administrator" role in delegated scenarios. Check this MS Document.
In my case, I assigned "Attribute Assignment Administrator" role to signed-in user as below:
When I tried the same after few minutes, it worked and I got custom security attributes in response successfully as below:
GET https://graph.microsoft.com/v1.0/me?$select=id,customSecurityAttributes
Response:
In your case, make sure to assign "Attribute Assignment Administrator" role to signed-in user along with CustomSecAttributeAssignment.Read.All permission.