Microsoft Groups/Teams: Can't create plans for Planner App - microsoft-graph-api

I created a Group using
https://learn.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=http
and then used
https://learn.microsoft.com/en-us/graph/api/team-put-teams?view=graph-rest-1.0&tabs=http
to create a Team. Now I am facing issue when adding a plan using a Planner app
"Failed to create the plan."
How I can fix this issue?
In my investigations, I found that the other team members are able to create plans. As an owner of the team, I am not able to create them. if I am trying graph API I'm getting an error:
You do not have the required permissions to access this item, or the item may not exist.

I'm glad you came right and that I was able to help. I'm updating the answer so that it's more clear on a few points:
Technically, this actually has nothing to do with Teams at all, it relates to Office 365 Groups, which forms the core underneath Teams, Planner, and more. You actually link in your question to the Groups docs, incidentally. I've updated the question title to reflect this.
I haven't tested this exactly, but I doubt that it needs your account exactly in the Owners and Members - I suspect the main constraint is that there needs to be at least one person in each of those roles (that means there has to be at least one Owner and at least one Member). Arguably, this is actually a bug in Planner, but it was maybe never detected by Microsoft because if you create a Group from the web interface, it automatically puts your user in as Owner and Member.
If you do put your own account into both positions, but that's not what you want long term, you could probably just take them out after creating the Planner plan.
Just a reminder that best practice is to have more than one owner of a Group, in case/when the original Owner is not/no longer available.

It's fixed after adding the creator of teams as a member too. So I had to add the user who is creating Teams in Team members too.

I made sure that there was another owner on the Team, demoted and removed the owner and the re-added them to the team. This resolved the issue that I had with multiple teams

Related

Is it possible to list student members of an inactive (education class) team?

I'm creating education class teams via MS Graph API. I create an education class and then a team for that class using the method described here: Create a team from group.
Teams remain inactive until the teacher is ready to set up and activate the team. All good.
But until a team is activated, when I List members of a team, non-owner members (students) are not included in the response.
Is anyone aware of an option to include the students in the response? Note that if I List members of the Education Class then the students are included, but that does not give me the team membership-id required to Remove members from team.
You can't do this with Microsoft Graph API at this point. Uservoice is raised on this.
One bit of clarification, the Team isn't "inactive" so much as it hasn't been fully provisioned yet. When creating a Class, it adds a Team provisioning option. This simple queues it up for provisioning when the owner opens the UI. Until then it is simply a Group.
Since there isn't a fully provisioned Team, there isn't a Team to remove members from. What there is, however, is a Group/Class directory object. Removing a member from the Class (or the Group) will result in that member not getting added to the Team if/when the actual provisioning occurs.

Cannot manage security in TFS 2018 on a Team Project with Project Collection Adminstrator Role

I have been converting access to Team projects using Active Directory groups.
I am a project collection admin and we host around 40 odd team projects.
On all the other proects everything is fine, I have been able to add all the AD groups I needed to the Various TFS groups that exist in a Team Project (Contributors, Readers etc).
When I come to the problem project I can see the add button, and I am able to search for and select the AD group I want, but when I click save, I see a red banner message with the text:
Unable to add members to this group.
Failed to resolve the specified groups to join.
You do not have sufficient permissions to add members to the following groups:
[Team Project]\Build Administrators
I have looked at the oi and all I can see around the time of the issue are activities reporting a 200 response.
I am looking at the api and the database to see what I can do but not sure where to start. I thought I might be able to see something about security but it is asking for a guid that I am not sure how to get hold of.
Looking at the database I thought there might be a security table, but not sure where to start.
I'm going to keep looking at what to do, so I am going to keep this updated
update 2019-03-27
We have a support call open with Microsoft, I still have issues managing the teams, but I have been able to update the team via the Apis, I even found a useful little CLI tool to help with the tasks I needed to do.
In my case, I was trying to add someone to a group that I was in - which I don't need since I'm a Project Administrator. Once I took myself out of the group, I was able to add others again.
Got the answer and the fix worked.
After a lot of back and forth, sending files and running some tfssecurity queries, they were able to determine the problem.
What I had done was add the domain User AD containing our project collection admin account in as a project reader, as the security on tfs works on a least level principle it was then applying a deny permision on my Project collection admin account, by simply removing the AD group from the reader level, which I was able to do, the ablity to manage the securities came back.
I havent been able to find the specific group that I belonged to that then set the deny, but there is no denying that removing the AD group from the reader level fixed the issue.

MS Graph API endpoint /v1.0/me/planner/plans doesn't return all my plans

In the past I was reading a list of plans of current user with this REST call of the beta-API:
https://graph.microsoft.com/beta/me/plans
In July 2017 the planner API was released and there are also some minor changes to the endpoints, so the REST call in the V1.0-API now is:
https://graph.microsoft.com/v1.0/me/planner/plans
Unfortunately I do not receive all my plans with that endpoint. Apparently I only get plans that exist for a long time, but any newly created plans are not visible. I tried a lot of actions on my plans like subscribing to, assigning tasks to me, favorize the plan in planner hub, making a plan public or private, but nothing helps, new plans remain invisible in the API.
Can anybody explain what the new endpoint exactly does? The documentation for List plans is not very helpfull.
Can anybody explain how I can a list of all plans (title and id) that I am owner or member of?
The only work-around I have found so far is:
1) Read all unified groups
https://graph.microsoft.com/v1.0/me/memberOf/$/microsoft.graph.group?$filter=groupTypes/any(a:a eq 'unified')
2) for each group: read the planner plan for that group
https://graph.microsoft.com/v1.0/groups/<id>/planner/plans
But that would require one request per group, makeing performance horrible on tenants with dozens of groups.
This API returns plans that have been shared with the current user. Plans can be shared with a user by adding the user's id to sharedWith property of planDetails (Edit: currently users do not have permissions to add or remove others from this list). This is a separate set of users from group membership and does not allow access to data for shared users. Instead, the users will have access if they are group members, and lose access if they are removed from the group.
More information and a sample for updating plan details can be found here.
Additionally, you can submit feedback about the API (and other Planner functionality) here.

How can I add guests or members to projects created through the Asana API?

I currently have a script that takes a list of people and creates new Asana projects, one for each person. These people are not in our Asana organization and need to be invited as guests to their respective projects. If I try to include a followers or members property in my API request, I get denied, and the docs list those properties as read-only.
I noticed this question from over a year and a half ago, where an Asana engineer said that it was on the API roadmap and that he hoped to publish it soon. It seems like the engineer in question no longer works at Asana, so replying to him won't help me, but has any progress been made on this front? Being able to invite guests to each project programmatically would be a huge time saver. Thanks!
We decided to keep this as a read-only endpoint. Apologies for the confusion.
You can add and remove followers on a task through the API. Perhaps you could adjust your workflow to use tasks instead of projects.

Automating Account Disabling in JIRA

I've been reading some feature request-style threads in Atlassian's own JIRA install on how to disable (not remove) users in JIRA, and their suggested solution involves a series of UI actions. For the number of users that our organization supports, this needs to be automated with the rest of our employee account provisioning logic.
I've been looking in the JIRA database and found the membershipbase table, but simply removing records from here WHERE USER_NAME="$username" doesn't seem to have a completely successful outcome. When I go to the User Browser in the Administration section and look up that user, groups still appear for the user.
Does anyone have any experience with this that could point me in the right direction on any other tables I need to modify?
Thanks in advance,
-aj
Maybe you should take a look at Atlassian's Crowd. Even if you don't use SSO, it may help you to integrate with your existing infrastructure for handling authentication and authorization (i.e. groups) centrally. It also provides an administrative frontend that is designed for the corresponding tasks.
You could have a look at the EditUserGroups.setGroupsToLeave() method. As far as I remember, users need to be in the jira-users group to log in. So, if you remove this group from the user, it may be effectively what you need (not delete but deactive user acount).
If this does not help, I'd look into the source code of JIRA (which is available for all types of licenses afaik) to see which tables are modified by the above method.

Resources