Microsoft Privacy API, create SubjectRequest 403 UnknownError
I am trying to create a Subject Request (for privacy/compliance).
I am using a MS OAuth app to generate a token with scope = SubjectRightsRequest.ReadWrite.All.
I am able to generate the OAuth token and GET the list of all subject requests:
GET https://graph.microsoft.com/v1.0/privacy/subjectRightsRequests
Content-Type: application/json
200 OK
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#privacy/subjectRightsRequests",
  "value": []
}
But I am getting a 403 and message=UnknownError when creating a Subject Request.
Example Request:
POST https://graph.microsoft.com/v1.0/privacy/subjectRightsRequests
Content-Type: application/json
{
  "type": "delete",
  "dataSubjectType": "currentEmployee",
  "regulations": ["CCPA"],
  "displayName": "TestDSR",
  "description": "DSR for [email protected]",
  "internalDueDateTime": "2022-05-31T00:00:00Z",
  "dataSubject": {
    "@odata.type": "#microsoft.graph.dataSubject",
    "firstName": "Test",
    "lastName": "User",
    "email": "[email protected]",
    "residency": "CA"
  }
}
Response:
{
  "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "date": "2022-04-30T01:00:09",
      "request-id": "bb30c902-c8b9-4688-80e5-23c2272a77fb",
      "client-request-id": "bb30c902-c8b9-4688-80e5-23c2272a77fb"
    }
  }
}
My OAuth token response even has granted permissions for SubjectRightsRequest.ReadWrite.All
OAUTH Token Generation
I created the token by:
Create an OAuth app in Azure Active Directory > App Registrations
a. Get <OAUTH_CLIENT_ID>, <OAUTH_CLIENT_SECRET> and <OAUTH_REDIRECT_URL>
Then make the OAUTH use
GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=<OAUTH_CLIENT_ID>
&response_type=code
&redirect_uri=<OAUTH_REDIRECT_URL>
&response_mode=query
&scope=SubjectRightsRequest.ReadWrite.All
&state=12345
Redirected to the Login page. Log in with the Admin Account of the Office 365 account
Redirected to <OAUTH_REDIRECT_URL>?code=<OAUTH_CODE>&state=12345
Exchange Token
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
Request body
grant_type=authorization_code
code=<OAUTH_CODE>
redirect_uri=<OAUTH_REDIRECT_URL>
client_id=<OAUTH_CLIENT_ID>
client_secret=<OAUTH_CLIENT_SECRET>
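The authorize and token steps listed in the question, as an added Python example that is not part of the original post. It uses the endpoints, scope and parameters shown above, but generates a random per-request `state` and checks it on the redirect instead of sending the fixed `12345`. The function names, `https://app.example/callback` and the sample code value are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"  # from the post
SCOPE = "SubjectRightsRequest.ReadWrite.All"                        # from the post

def build_authorize_url(client_id, redirect_uri):
    """Return (url, state); state is random per request and kept in the user's session."""
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": SCOPE,
        "state": state,
    })
    return f"{AUTHORITY}/authorize?{query}", state

def code_from_redirect(redirect_url, expected_state):
    """Extract the authorization code, rejecting error or mismatched-state redirects."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    # Constant-time comparison of the returned state with the one stored for this session.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this session")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return params["code"][0]

def token_request(code, client_id, client_secret, redirect_uri):
    """Return (url, form_body) for the code-for-token POST; the body is form-encoded."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    return f"{AUTHORITY}/token", body

if __name__ == "__main__":
    # Constructed values: placeholder client ID, example callback URL, sample code "abc123".
    url, state = build_authorize_url("<OAUTH_CLIENT_ID>", "https://app.example/callback")
    print(url)
    print(code_from_redirect(f"https://app.example/callback?code=abc123&state={state}", state))
```

The token request body is sent with `Content-Type: application/x-www-form-urlencoded`, and the client secret should come from a secret store rather than source code.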
Solution 1:[1]
I tried to reproduce the same in Microsoft Graph Explorer. I have granted SubjectRightsRequest.Read.All and SubjectRightsRequest.ReadWrite.All permissions.
At first, I tried to get the list of all subject requests and got the response below:
Next, I tried to create a delete request type for subjectRightsRequest by posting a query like the one below and got the same error:
As mentioned by @user2250152, creating a delete request type for subjectRightsRequest may not currently be supported.
To resolve the above error, try raising a support ticket with Microsoft.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | SrideviMachavarapu-MT |



