**CMK version:2.0.0p11 (CEE)
**OS version: RHEL7
With services being monitored in Azure, with the service “Azure Agent Info” I am getting the error message Graph client: Insufficient privileges to complete the operation.CRIT . One of the people here who looks after the Azure setup has had a look at it and if he gives the Azure user configured for the tests the permissions to read the info it will try and get each user one at a time. The issue is that the Azure AD that it is looking at has over 340000 users in, since it is hold student accounts. The Azure expert says there is a call to return the number of users and wonder if this could be used instead of getting users one at a time.
Is this an issue anybody else has come across, and found a way around it ?
This sounds like something for which you would need to open a ticket with the tribe.
Especially as no one seems to have input on this.
I had a short look at the special agent and it is really so that it pulls the complete user list only to count the users. This makes no sense
@Wessley - you can modify the special agent a little bit to avoid this.
Inside the “write_section_ad” you find two lines.
users = graph_client.users()
If you comment the first one and set a static “users” value, you can avoid the fetching of all users.
The fetching itself is defined in the “GraphApiClient” inside the “def users”
Thanks for the response. Do I have to restart CMK for the change to take affect or will it work the next time the special agent is called ?
Hi, regarding the “Insufficient privileges”, please check: Azure Host issues - #7 by DavideDG
I was not (yet) able to find a lower permissions settings, though… anyone can help with that ?
@andreas-doehler nice workaround … since I do not need a check on Azure users, I might actually end up disabling it altogether… would be nice if the special agent had an option to choose which sections to retrieve from Azure (smth like the VMWare agent…).