I am currently trying to manipulate the "aboutMe" field of a user. See:

https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0

https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http

I am able to edit my own aboutMe field, but not that of others. Am I missing a permission? Is there a reason I can’t edit the property of others? In the "update user" documentation it says:

To update the following properties, you must specify them in their own PATCH request, 
without including the other properties listed in the table above: aboutMe, birthday, 
interests, mySite, pastProjects, responsibilities, schools, and skills. 

This is the request I am currently trying:

[screenshot not preserved]

And this is the response I am getting:

[screenshot not preserved]

2 Answers


  1. I think that you must be assigned at least the User Administrator role to be able to edit the properties of others.

    Required permissions are Directory.ReadWrite.All and User.ReadWrite.All.

  2. Note that properties like aboutMe, birthday, interests, mySite, pastProjects, responsibilities, schools and skills can only be
    updated by the signed-in user themselves, not by others, even if they have
    Administrator roles.

    Initially, I generated an access token using the authorization code flow by signing in with a Global Administrator account via Postman like this:

    POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
    grant_type:authorization_code
    client_id: appId
    client_secret: secret 
    scope: https://graph.microsoft.com/.default
    code: code
    redirect_uri: https://jwt.ms
    

    Response:

    [screenshot not preserved]

    When I ran the PATCH request below with a token generated for a user with the Global Administrator role, I too got the same error as below:

    PATCH https://graph.microsoft.com/v1.0/users/[email protected]
    {
        "aboutMe" : "test"
    }
    

    Response:

    [screenshot not preserved]

    To resolve the error, you need to generate an access token by signing
    in with the user account for which you want to update the aboutMe field and
    run a PATCH request calling the /me endpoint.

    You can decode the token in jwt.ms and check the upn and scp claims for confirmation like this:

    [screenshot not preserved]

    When I used the above token to call the /me endpoint via a PATCH request, I got a successful response as below:

    PATCH https://graph.microsoft.com/v1.0/me
    {
        "aboutMe" : "test"
    }
    

    Response:

    [screenshot not preserved]

    With roles like User Administrator or Global Administrator, you can update sensitive properties like accountEnabled, mobilePhone, etc. of other users, but not the aboutMe property.

    Reference:
    Update user – Microsoft Graph v1.0

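The token check and /me request described in the second answer, as an added example that is not part of the original answers: it decodes a token's upn and scp claims locally and only builds the PATCH when the token belongs to the user whose aboutMe is being changed. The function names, the `ACCEPTED_SCOPES` set and the `example.test` accounts are assumptions made for illustration, and the sample tokens are constructed and unsigned.

```python
import base64
import json

GRAPH_ME_URL = "https://graph.microsoft.com/v1.0/me"
# Assumption: delegated scopes accepted for a self-update; adjust to your app registration.
ACCEPTED_SCOPES = {"User.ReadWrite", "User.ReadWrite.All", "Directory.ReadWrite.All"}


def decode_claims(token):
    """Decode the JWT payload for inspection only (no signature check), as jwt.ms does."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(token, target_upn):
    """Return the reasons a PATCH of aboutMe for target_upn would be refused."""
    claims = decode_claims(token)
    problems = []
    if "scp" not in claims:
        problems.append("no scp claim: not a delegated (signed-in user) token")
    elif not ACCEPTED_SCOPES & set(claims["scp"].split()):
        problems.append("scp lacks a user write scope: " + claims["scp"])
    if claims.get("upn", "").lower() != target_upn.lower():
        problems.append("token upn %r is not the target user" % claims.get("upn"))
    return problems


def build_about_me_patch(token, target_upn, text):
    """Build the /me request; aboutMe goes alone in the body, as the docs require."""
    problems = preflight(token, target_upn)
    if problems:
        raise PermissionError("; ".join(problems))
    return {"method": "PATCH", "url": GRAPH_ME_URL,
            "headers": {"Authorization": "Bearer " + token,
                        "Content-Type": "application/json"},
            "body": json.dumps({"aboutMe": text})}


def constructed_token(claims):
    """Constructed, unsigned sample token (not a real Entra ID token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    admin = constructed_token({"upn": "admin@example.test", "scp": "User.ReadWrite.All"})
    print(preflight(admin, "alice@example.test"))  # admin token, another user's profile
    alice = constructed_token({"upn": "alice@example.test", "scp": "User.Read User.ReadWrite"})
    print(build_about_me_patch(alice, "alice@example.test", "test")["url"])
```

The local decode is a pre-flight check only; Microsoft Graph validates the token signature and makes the actual authorization decision.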