Office 365 usage reports are protected by both permissions and azure ad roles and supports two types of authorization including user delegated.
delegated permissionis required when you sign in with work or school account to > getSharePointSiteUsageDetail .Then the user consent is also needed along with admin consent ,where user must have one of the following roles:
Company Administrator, Exchange Administrator, SharePoint Administrator, Lync Administrator, Teams Service Administrator, Teams Communications Administrator, Global Reader, Usage Summary Reports Reader, or Reports Reader. The Global Reader and Usage Summary Reports Reader roles will only have access to tenant-level data, without visibility into detailed metrics., To consent on behalf of user, you need to have
i.e; the user must be a member of an Azure AD limited administrator role.
- MSGraphClient uses
implicit authentication access token.Check the access token after Decoding in https://jwt.ms .It may not have had the “wids” claim ( which Denotes the tenant-wide roles assigned to this user, through the groupMembershipClaims property of the application manifest. ).This claim which lists which Azure AD roles are assigned to the delegated user .And so , if not present states it doesn’t have permissions.
The permissions requested in the SPFx package need to be granted by a SharePoint Admin explicitly. Even the ones which do not need an admin consent . This is so that all permission scopes allowed to be consumed from SPFx customisations have to go through Admin approval. So Admin must grant the permissions again.
By default if no permissions are granted, the only available permissions scope is user_impersonation which allows you to get limited information from the Graph.
Please refer these links for more details:
CLICK HERE to find out more related problems solutions.