Filter on Guid for AppRoleAssignedTo.PrincipalId does not seem to work as expected

[chassq]

Describe the bug Using C# SDK nuget package Microsoft.Graph 5.40.0. Any time we try to create a filter like

var userId = "<GUID VALUE>";
 if(!Guid.TryParse(userId, out var userGuid))
 { 
     return false; 
 }

var appRoleAssignments = await graphClient.ServicePrincipals[ObjectId]
                     .AppRoleAssignedTo
                     .GetAsync(cfg => {
                         cfg.QueryParameters.Filter = $"principalId eq '{userGuid}'";
                         cfg.QueryParameters.Count = true;
                         cfg.Headers.Add("ConsistencyLevel", "eventual");
                     }, cancellationToken: cancellationToken)
                     .ConfigureAwait(false);

It returns the error: Invalid filter clause: A binary operator with incompatible types was detected. Found operand types 'Edm.Guid' and 'Edm.String' for operator kind 'Equal'.

We looked at the PrincipalId and it looks to be a Guid type. So, we removed the single quotes from the filter around the userGuid value and we get the following error: Links to EntitlementGrant are not supported between specified entities.

Are we missing some kind of grant of permissions? Our App Registration currently has Directory.Read.All that has admin consent turned on. Are we missing something?

Any guidance or links to docs for this would be greatly helpful.

Thanks!

To Reproduce Steps to reproduce the behavior: Use the sample code above and see if this fails for you.

Expected behavior The code above to work with no error.

Desktop (please complete the following information):

• OS: Windows 11 lates patches
• Browser Edge
• Version Version 120.0.2210.144 (Official build) (64-bit)

Additional context Microsoft Visual Studio Enterprise 2022 Version 17.9.0 Preview 2.1 VisualStudio.17.Preview/17.9.0-pre.3.0+34511.98 Microsoft .NET Framework Version 4.8.09032

Installed Version: Enterprise

Visual C++ 2022 00476-80000-00000-AA741 Microsoft Visual C++ 2022

ADL Tools Service Provider 1.0 This package contains services used by Data Lake tools

ASA Service Provider 1.0

ASP.NET and Web Tools 17.9.153.1332 ASP.NET and Web Tools

Azure App Service Tools v3.0.0 17.9.153.1332 Azure App Service Tools v3.0.0

Azure Data Lake Tools for Visual Studio 2.6.5000.0 Microsoft Azure Data Lake Tools for Visual Studio

Azure Functions and Web Jobs Tools 17.9.153.1332 Azure Functions and Web Jobs Tools

Azure Stream Analytics Tools for Visual Studio 2.6.5000.0 Microsoft Azure Stream Analytics Tools for Visual Studio

C# Tools 4.9.0-2.23613.5+47b0a1e0ab831076eda00bb1e24b9d042d256e17 C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Common Azure Tools 1.10 Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Entity Framework Core Power Tools 2.6 Adds useful design-time EF Core DbContext features to the Visual Studio Solution Explorer context menu.

Extensibility Message Bus 1.4.39 (main@e8108eb) Provides common messaging-based MEF services for loosely coupled Visual Studio extension components communication and integration.

Microsoft Azure Hive Query Language Service 2.6.5000.0 Language service for Hive query

Microsoft Azure Stream Analytics Language Service 2.6.5000.0 Language service for Azure Stream Analytics

Microsoft Azure Tools for Visual Studio 2.9 Support for Azure Cloud Services projects

Microsoft JVM Debugger 1.0 Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Mono Debugging for Visual Studio 17.9.0 (b3bca6f) Support for debugging Mono processes with Visual Studio.

NuGet Package Manager 6.9.0 NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/

Razor (ASP.NET Core) 17.9.2.2357901+dfac5e3cec112dd38af95d899f85347f2e64411a Provides languages services for ASP.NET Core Razor.

SQL Server Data Tools 17.9.39.0 Microsoft SQL Server Data Tools

Test Adapter for Boost.Test 1.0 Enables Visual Studio's testing tools with unit tests written for Boost.Test. The use terms and Third Party Notices are available in the extension installation directory.

Test Adapter for Google Test 1.0 Enables Visual Studio's testing tools with unit tests written for Google Test. The use terms and Third Party Notices are available in the extension installation directory.

ToolWindowHostedEditor 1.0 Hosting json editor into a tool window

TypeScript Tools 17.0.21025.2001 TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools 4.9.0-2.23613.5+47b0a1e0ab831076eda00bb1e24b9d042d256e17 Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual F# Tools 17.8.0-beta.23570.1+e9491ad27f8c9399cdd68e2308e906851a6db84f Microsoft Visual F# Tools

Visual Studio IntelliCode 2.2 AI-assisted development for Visual Studio.

VisualStudio.DeviceLog 1.0 Information about my package

VisualStudio.Mac 1.0 Mac Extension for Visual Studio

VSPackage Extension 1.0 VSPackage Visual Studio Extension Detailed Info

Xamarin 17.9.0.62 (main@1a123c3) Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.

Xamarin Designer 17.9.2.9 (remotes/origin/d17-9@dba677e96e) Visual Studio extension to enable Xamarin Designer tools in Visual Studio.

Xamarin Templates 17.9.0 (38e87ba) Templates for building iOS, Android, and Windows apps with Xamarin and Xamarin.Forms.

Xamarin.Android SDK 13.2.2.0 (d17-5/45b0e14) Xamarin.Android Reference Assemblies and MSBuild support. Mono: d9a6e87 Java.Interop: xamarin/java.interop/d17-5@149d70fe SQLite: xamarin/sqlite/3.40.1@68c69d8 Xamarin.Android Tools: xamarin/xamarin-android-tools/d17-5@ca1552d

Xamarin.iOS and Xamarin.Mac SDK 16.4.0.23 (9defd91b3) Xamarin.iOS and Xamarin.Mac Reference Assemblies and MSBuild support.

[andrueastman]

Thanks for raising this @chassq

As this repo is mainly intended for SDK related issues, we may not be best placed to know if the API supports this scenario. Any chance you can post the question at the link below to get feedback from the API owners? It would be great if you could post back the link to the created question so that anyone who comes across this may also benefit from the info.

https://learn.microsoft.com/en-us/answers/tags/161/ms-graph

[MartinM85]

Filtering by principalId is not supported. Endpoint supports only filter by principalDisplayName cfg.QueryParameters.Filter = $"principalDisplayName eq '{userDisplayName}'";

[chassq]

@andrueastman I posted it here: https://learn.microsoft.com/en-us/answers/questions/1517028/filter-on-guid-for-approleassignedto-principalid-d

[chassq]

@MartinM85 Thanks so very much for the suggestion. It worked!

Still, it just feels funny to query on a name and not a unique identifier. Seems weird because you could delete a user (e.g. Tom Smith) in Azure AD and add a new user back (e.g. Tom Smith) which are two completely different users but just happen to have the same name. Or potentially the name contained special characters that blew up the query string?

[andrueastman]

Thanks for feedback here @chassq

As this is not supported by the API, I would also suggest creating a feature request at the link below so that the API owners may look into adding support for this.

https://feedbackportal.microsoft.com/feedback/forum/ebe2edae-97d1-ec11-a7b5-0022481f3c80

We'll close this here for now as this isn't SDK related.