Microsoft Graph API - Get Groups - Permission Error - microsoft-graph-api

I am trying to get a list of groups from https://graph.microsoft.com/v1.0/groups with the correct application permissions. I created an application in portal.azure.com and added application permissions (generated client secret etc). This seemed to be working but after adding and removing other permissions the application stopped working so I set up a new application (new client id and secret) with the same permissions when it was working and all expected calls are working expect https://graph.microsoft.com/v1.0/groups for which I get this error:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"request-id": "adad2794-0000-43f6-812c-091acec39f7c",
"date": "2020-03-06T12:18:58"
}
}
}
I know the GUID for one of the groups and I can call the APIs for listing group files without and problems but just can't list groups!
Is there a permission I need to add that I'm missing? I'm sure I've added the required permissions, see screenshot.
Thanks.

try Directory.Read.All
Group.Read.All means that you can read everything about a group.

Related

MS Graph permission required to read group[id]/planner/plans, but all requested permissions are granted

I'm trying to use MS Graph to work with Planner tasks, and am currently investigating the API with Graph Explorerprior to writing any code. I'm at the point where I'm trying to list all Planner plans for a given group, using the query https://graph.microsoft.com/v1.0/groups/{c6a12d05-ac5d-4e84-a924-f8be570d75d4}/planner/plans. I'm getting a 403, but when I look under the Modify Permissions tab I already have all four of the suggested permissions:
Am I missing something?
EDIT
This is the error response:
{
"error": {
"code": "",
"message": "You do not have the required permissions to access this item.",
"innerError": {
"date": "2023-01-13T14:48:07",
"request-id": "61a39484-fd91-47da-be0f-7e6d5e6e9955",
"client-request-id": "d912b37f-b872-3753-e7f6-f4000d8e7998"
}
}
}
As I can see from the screenshot in the permissions page, the following permissions Group.Read.All and Group.ReadWrite.All are not admin consented as seen in the screenshot below
Please ask your admin to grant you those permissions.

Graph API Beta - LearningProviders 401

I'm trying to use the beta api of LearningProviders described here: https://learn.microsoft.com/it-it/graph/api/employeeexperience-list-learningproviders?view=graph-rest-beta
I'm in a tenant with the new viva integration activeted and in teams i can see correctly all the feature.
With an admin account i'm trying to use the API but I only recive 401 Error with the following body when I try to call the api /employeeExperience/learningProviders
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2022-07-29T12:50:14",
"request-id": "b985f230-5e34-4e95-9c03-4a192b9cd2e2",
"client-request-id": "b985f230-5e34-4e95-9c03-4a192b9cd2e2"
}
}
}
I tried both to call the API from the graph explorer (And i've added the correct permission to the Graph Explorer app registration) and also with a new app registration with the correct delegated permission.
I'm not able anyway to get any response.
Anyone facing the issue?
Thanks
thanks for reaching out to us .
Could you please decode your access token in http://jwt.ms/ and make sure you have LearningProvider.Read delegated permission added in your scopes .
please let us know if you have any query,
thanks
permissions - https://learn.microsoft.com/en-us/graph/permissions-reference#delegated-permissions-27

Planner tasks endpoint always returns a 403?

I'm attempting to get tasks assigned to a specific user from the Graph API, so based off of the sample query in the graph explorer i'm using this endpoint
https://graph.microsoft.com/v1.0/users/<user-email>/planner/tasks
Which works fine for whatever user I'm signed in as, but attempting to get tasks for a user I'm not signed in as will always return with a 403 and say I don't have the required permissions. Group.ReadWrite.All is granted by admin, and according to the graph docs, that should be fine, but no luck.
I've also just created a new demo tenant and one by one granted permissions in the graph explorer with admin and still no luck! So i'm doubting the issue really is permissions. And for the record I've tried v1.0 and beta endpoints, and I've attempted this in a SPFx Web Part, and it doesn't work in practice either.
Not sure that it will help, but this is what is being returned each time:
{
"error": {
"code": "",
"message": "You do not have the required permissions to access this item.",
"innerError": {
"request-id": "b02e3529-a4ae-4825-b4e6-7fc9b1fa228e",
"date": "2019-03-27T12:28:41"
}
}
}
Anyone else ran into this issue or know of a workaround?
Reading tasks for other people is not allowed. We are investigating app-only request support, which should enable this scenario.

How to create an event into a group

I'm using Microsoft Graph API v1 with Administrator credentials via my software to create Events in a Group. However the response I get is a 403 with the following:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "c4754c79-5e3a-4f63-9f88-404100513796",
"date": "2018-07-11T10:11:27"
}
}
}
on a POST request to https://graph.microsoft.com/v1.0/groups/{idGroup}/events/
I have checked all rights provided to the app via Azure AD and everything is fine (tokens, code and scope with Group.Read.All Group.ReadWrite.All). The Group is also created, the users are added to it and the owner is the admin I use for the create request.
I have also tried on the Microsoft Graph API Explorer but i have the same error.
Yesterday morning the creation was possible but I think some rights were corrupted. Is anybody has got this problem before? How to fix it?
After a few days without any changes in the code the problem dissapeared.
I am still not sure of what happened, anyway thanks guys !

List joined teams failed with delegated permission

{ "error": { "code": "AuthenticationError", "message": "Error authenticating with resource.", "innerError": { "request-id": "525e9057-9f49-4ef3-b3d1-200ec34033e6", "date": "2017-07-15T01:33:22" } } }
When I try to list joined teams, it always failed with this error. But just a little times it will work.
https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/user_list_joinedteams
Any help?
Thanks!
If you take a look at this: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/group_list
Under the Permissions section, you will see that when you create the Enterprise Application (assuming Azure AD), you need to specify the permissions and grant them to the application (If using Azure AD 2, they you set the scope in the code and not through the portal)
The problem I'm running into is that the User.Read.All and User.Read.Write require Admin privileges - I read that even with this, one only gets access to their own directory resources.
In short, you are not assigning the right permissions to your application which is why you get the error when executing the GET groups

Resources