Is it possible to extract from Microsoft Graph to fetch what user has created a specific 365 group? I need to get which user created specific team site.
Best R, Thomas
For non admins users you can use this:
https://graph.microsoft.com/v1.0/groups/{group object id}/createdOnBehalfOf
For every user you can use the List directoryAudits operation with the following query and extract initiatedBy/user/id from each returned record.
https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=category eq 'GroupManagement' and activityDisplayName eq 'Add group'
Related
I am trying to get all users out of a tenant with power automate.
But when i try to filter out users with userType Member.
I keep getting the error:
Enter a Valid URI ( even tough i am using a valid URI that is used inside the docs)
https://graph.microsoft.com/beta/users?$filter=userType eq 'Member'
Do not specify $filter query in URI but add it to Queries.
Example (not sure if I'm using the same trigger):
A react application queries the Microsoft Graph to discover if a user is a member of a particular active directory group. Right now, there's this route:
https://graph.microsoft.com/v1.0/me/memberOf
The above does work in the application. It returns a (fairly sizable) object containing all of the user's groups, so I could iterate through the list, but it would be nice to directly check if the user is a member of a single group.
Given that I can already see the list of all groups, this doesn't seem like it should be difficult, but I'm not finding the route to do so.
Am I missing something obvious?
Thanks.
P.S. It would be nice if I could do this without requiring administrator permission on the application registration.
If you already know the group's ID, you can get the members of that group, and check whether the user is a member. I.e. the inverse of what you are doing now.
Or, if you have both the user's and the group's ID, you can filter like this:
https://graph.microsoft.com/v1.0/users/48d31887-5fad-4d73-a9f5-3c356e68a038/memberOf?$filter=id eq '1e770bc2-3c5f-487f-871f-16fbdf1c8ed8'
The first ID is the user, and the filter's ID is the group.
If it is for the currently signed in user, you can shorten it to
https://graph.microsoft.com/v1.0/me/memberOf?$filter=id eq '1e770bc2-3c5f-487f-871f-16fbdf1c8ed8'.
If the user isn't a member of the given group, you will get a return code Request_ResourceNotFound
I am writing an application and need to read basic Instagram user info such as username, #posts, #followers and etc. This works well for public users but for private users returns:
{
"meta":
{
"code":400,
"error_message":"you cannot view this resource",
"error_type":"APINotAllowedError"
}
}
Let's say I am signed in as user A, and we want to show information from User B which is private to user A (user B also authorized my application to access it's basic info). I am using the following end point to read user B information:
https://api.instagram.com/v1/users/<userB_ID>/?access_token=<myAccessToken>
Am I missing something? or should I use different end point?
Update (Solution #1)
It seems one solution to fix this is to use Query end point. I was trying to manage all my work with Instagram user IDs (not usernames) but it seems I have to use usernames for the query. Is there a way to use query with user ID?
Here is what it looks like:
https://api.instagram.com/v1/users/search?q=<UserB_Username>&client_id=<myClientID>
if <myAccessToken> is to get user A's info, you can't get User B's info with it. If you have a backend to this app, then you can store different access tokens for each user, and make the call with the appropriate access token, and feed the info to the app through your own API.
I want to remove groups in Users role in a given project using api call . How can i do that? I can remove all the groups and users using
jiraSoapService.removeAllRoleActorsByProject(authToken,remoteProject);
But i want to remove only groups of Role - Users how can i do that?
Thanks
You should use removeActorsFromProjectRole method from SOAP API:
jiraSoapService.removeActorsFromProjectRole(
authToken,
arrayOfGroupNames,
projectRole,
project,
"atlassian-group-role-actor");
If you'd like to remove users and not groups, you should use "atlassian-user-role-actor" as the last argument for that method.
I am creating an online survey tool.
As an administrator, i would like to see what the users have answered and also be able to answer on their behalf. The system get's a users answers and other information based on his/her username, when they are logged in, using the built in membership provider.
There are currently three roles: Administrator, Moderator and Respondent
If i would like to show my administrator a list of users,
how would it be possible to create a "backdoor" for the administrator, so that he can "log" in as the user, see the users answers etc ? (Just like the user would be able to if he was logged in to his own account).
When answering and retrieving quyestions, the system is bound to `User.Identity.Name
My suggestion on how to solve this:
Currently, when i want to retrive a users answers i use the following code:
Firma_ID = db.Firma.Single(x => x.CVR_nummer == User.Identity.Name).firma_id;
var answers = db.Tabelform_Answers.Where(x => x.question_id == model.Question_ID && x.respondent == Firma_ID);
This is because i have a table named Firma, that has a column referencing to a users Name, called CVR_Nummer. I then retrieve all the records in the Tabelform_Answers table, that match question_id and Firma_ID (A users answers for a specific question).
Instead of using `Firma_ID = db.Firma.Single(x => x.CVR_nummer == User.Identity.Name).firma_id;
to retrive the Firma_ID of a given user, i could store it in the Session upon Login. When i want to view a specific users Answers as Administrator, i would then just change Firma_ID in the Session. Changing Firma_ID in the Session would only be allowed through a controller which has the following code:
[Authorize(Roles = "Administrator")]
Also, i would set the Session timeout to be the same as the Authentication timeout.
Can somebody tell me which pros and cons of this solution? Are there any other ways of storing a "global" variable for a Session? (Firma_ID)?
Thanks
If you only need to log in as your users, I went for a ticket-method.
I have a special login-page that can take a ticket-id. This ticket is created in the admin-gui when the admin wants to log in as another user. The login-page checks the ticket in the database, logs in the wanted user, and then deletes/marks the ticket as used. As an added security, a ticket is only valid for 10 seconds after creation.
Another option is to make answers from users available from the admin-gui...
also you can do in your log-in script override
so you have at present something like
if user name and password match string then user is logged in and based on this you get user permissions
instead have admin page,
where you can select user and then you can apply permissions of the user instead of admin.