Unable to delete AppRoleAssignment using Beta Graph API - microsoft-graph-api

I'm using the Graph API beta endpoint to try and delete an AppRoleAssigmnet:
https://graph.microsoft.com/beta/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
109
{
"error": {
"code": "Request_UnsupportedQuery",
"message": "Direct queries to this resource type are not supported.",
"innerError": {
"request-id": "aa7c14a3-f700-4368-898e-009f1608ade1",
"date": "2019-04-30T00:29:50"
}
}
}
0
According to the beta documentation, this is allowed:
https://learn.microsoft.com/en-us/graph/api/approleassignment-delete?view=graph-rest-beta
I also verified the correct permissions according to the documentation as well.
I know this is a beta endpoint but any chance this will be fixed soon or do I need to use the Azure AD API instead?
UPDATE
I tried going through the users collection and it also fails:
https://graph.microsoft.com/beta/users/7e73da23-31d7-4eff-9a0b-05fcb15f5c9b/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
fb
{
"error": {
"code": "BadRequest",
"message": "Write requests are only supported on contained entities",
"innerError": {
"request-id": "b6db0eee-dc45-4e10-a56c-9a870fb7315c",
"date": "2019-04-30T23:49:24"
}
}
}
0
I tried going through the service principal collection and it also fails:
https://graph.microsoft.com/beta/servicePrincipals/27e0a182-2008-4b4e-b998-731e0d111041/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
18b
{
"error": {
"code": "BadRequest",
"message": "The type 'microsoft.graph.appRoleAssignment' does not inherit from and is not a base type of 'microsoft.graph.directoryObject'. The type of 'KeySegments' must be related to the Type of the EntitySet.",
"innerError": {
"request-id": "8c981e82-755e-4c25-b448-58d2b71e12c7",
"date": "2019-04-30T23:46:20"
}
}
}
0

I'm afraid this service bug has existed for a very long time. The only thing I can say is to try this with AAD Graph until this is fixed in Microsoft Graph. The schema unfortunately models appRoleAssignments as a standard relationship, whereas in fact it is implemented as a contained entity (i.e. you can only operate on the app role assignment when it is contained as part of another entity - like users, groups or servicePrincipals). The schema definition needs to be updated. The documentation is accurate IMHO.
Hope this helps

Related

Teams Export API not allowing me to filter by channel

I'm trying to use the Teams Export API to export a single Teams channel. I have my permissions set up properly; if I make a request to
https://graph.microsoft.com/v1.0/teams/{TEAM_ID}/channels/getAllMessages (without specifying a filter), I get the paginated results of all of the channel messages on my team. If I copy the sample datetime filters in that documentation, I also get a successful response with the appropriate results.
A successful response gives me a list of messages. Each one shows a channelIdentity field, which contains a channelId (fields removed for readability):
{
"value": [
{
"channelIdentity": {
"teamId": "{TEAM ID}",
"channelId": "{CHANNEL ID}"
},
},
]
}
What I want is to use this channelIdentity/channelId field as a filter on the results, so that I can export just the messages from a single channel.
If I run GET https://graph.microsoft.com/v1.0/teams/{TEAM_ID}/channels/getAllMessages?$filter=channelIdentity/channelId eq '{CHANNEL ID}', I get an error:
{
"error": {
"code": "BadRequest",
"message": "The entity property 'channelIdentity/channelId' and operationKind 'Equal' is not allowed in $filter query.",
"innerError": {
"date": "2022-11-16T23:47:06",
"request-id": "...",
"client-request-id": "..."
}
}
}
This reads to me like I'm not allowed to use eq with this ID. If I try a 'starts with', I get a different error:
GET https://graph.microsoft.com/v1.0/teams/{TEAM_ID}/channels/getAllMessages?$filter=startswith(channelIdentity/teamId, '{CHANNEL ID}')
{
"error": {
"code": "BadRequest",
"message": "Only binary operation expressions are allowed.",
"innerError": {
"date": "2022-11-17T00:11:26",
"request-id": "...",
"client-request-id": "..."
}
}
}
I'm unclear on what this is trying to say - either the ID starts with that phrase or it doesn't; it seems like a binary expression to me.
Is there some other approach I should use to get these results filtered by channel ID?
This API is designed to export everything from a team for backup/archival scenario. So, filtering by a specific channel is not supported now.
If you wish you may suggest this feature on Microsoft Feedback portal.
Any reason why you don't use List Channel Messages?
You can then make a GET call against this URL:
"https://graph.microsoft.com/v1.0/teams/{teamid}/channels/{channel id}/messages"
Note - as per that link you will need to Request access:
https://learn.microsoft.com/en-us/graph/teams-protected-apis
One other method, if you are using Graph Explorer, is add the signed-in user to the team as an owner, and it will let you test this method, you just won't be able to call via an App Registration until you do fill out that form.

How to access shifts of a team? "Sorry, the team was not found, or you may not have access to it"

I would like to read a team's shifts using https://graph.microsoft.com/v1.0.
However i always fail with different errors and get contradicting server messages.
I send the API requests with Postman.
I am using Application authorization method. I think i have set all required Api permissions for my app.
I beleive i supply the correct headers, like:
Authorization
Content-Type
MS-APP-ACTS-AS
When i send the request like this to GET a team:
GET https://graph.microsoft.com/v1.0/teams/{id}
i get the following error message:
"error": {
"code": "NotFound",
"message": "No team found with Group Id {id}",
"innerError": {
"date": "2020-09-05T08:37:17",
"request-id": "id"
}
}
But when i try to create the team (from a group) like this:
PUT https://graph.microsoft.com/v1.0/groups/{id}/team
I get the error as follows:
"error": {
"code": "Conflict",
"message": "Team already exists",
"innerError": {
"date": "2020-09-05T08:33:33",
"request-id": "id"
}
}
When i try to make my actual call of interest, like:
GET https://graph.microsoft.com/v1.0/teams/{id}/schedule/shifts
That also fails with error:
{
"error": {
"code": "NotFound",
"message": "{\"error\":{\"code\":\"NotFound\",\"message\":\"Sorry, the team was not found, or you may not have access to it.\",\"details\":[],\"innererror\":{\"code\":\"TeamNotFound\"}}}",
"innerError": {
"date": "2020-09-05T08:59:55",
"request-id": "id"
}
}
}
Pleaset help me understand what i am doing wrong!
Thank you in advance!
Solved (itself).
So what was happening:
i created a team (directly or from a group).
created a schedule for the team.
get the schedule for the team, and see the response:
"enabled": false,
"provisionStatus": "Failed", (so not running or queuing or something)
"provisionStatusCode": "GraphResourceNotFound",
struggle few (like 4-5) days
without changing a thing, get the schedule showing:
"enabled": true,
"provisionStatus": "Completed",
"provisionStatusCode": null,
Maybe it would help others to see the possible wait time length or add a clarification about the provisionStatus field’s status progression.

Microsoft Graph SharePoint access items (read/write)

I am attempting to create a new list item in SharePoint Online using the [beta] Microsoft Graph endpoint. The goal is to call Microsoft Graph from an Outlook Add-in but the problem persists on Postman.
When I call the endpoint as per the documentation I get the following error message:
{
"error": {
"code": "unauthenticated",
"message": "The caller is not authenticated.",
"innerError": {
"request-id": "bb094f39-71c9-4c7d-9d9b-913cc9622baf",
"date": "2017-08-08T11:32:02"
}
}
}
I'm using ADAL JS to fetch the authentication token and I initialized my AuthenticationContext with my tenantID. My app has the following permissions: offline_access, Sites.Read.All, Sites.ReadWrite.All, User.Read
2nd Edit - more details on readItem
I use the https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items endpoint with the {site-id} of my desired site from /sites and the {list-id} of the list from /sites/{site-id}/lists but this is the empty response I get:
{
"#odata.context": "https://graph.microsoft.com/...",
"value": []
}
If I try to to add /{item-id} to my original call to access specific item I receive this response:
{
"error": {
"code": "itemNotFound",
"message": "The specified list was not found",
"innerError": {
"request-id": "6e7ccae3-3aee-4dbb-ae3e-de61250478e0",
"date": "2017-08-09T13:13:33"
}
}
}
Which doesn't make sense because I can retrieve valid information about the list if i make the call without /items/..
Any and all input appreciated :) I'll gladly provide more code, this is all I deemed relevant and didn't want to overcrowd the post.
might be that you actually don't have an item with that id, since https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items/1 works for me.
test the id's you really have by just https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items and each item returns it's id.

400 when accessing shared file using graph api with shared url

I called the endpoint /shares/{shareId} using msgraph-sdk-php, but got response 400 as:
{
"#odata.context":"https://graph.microsoft.com/v1.0/$metadata#shares/$entity",
"id":"s!here-is-the-share-id",
"name#odata.type":"#String",
"name":{
"error": {
"code": "BadRequest",
"message": "A primitive value was specified; however, a value of the non-primitive type '' was expected.",
"innerError": {
"request-id": "3ea56b1c-acd6-4fdf-a856-c46b35e01cb7",
"date": "2017-05-25T05:26:23"
}
}
}
(Yes, I even got 4 left brackets but only 3 right brackets.)
while I can get correct response via api.onedrive.com api with the same shareId.
I really can't find any tips from documentation.
Thanks for letting us know about this #SevenOutman! This was a configuration issue that has now been resolved.

Unable to update organization properties

I've encountered a problem while trying to update organization's properties using Microsoft Graph API. I've followed these docs and tried it in graph explorer.
My request looks like this:
{ "displayName": "My Company Name" }
Whatever I do I always get the following error:
"error": {
"code": "Request_BadRequest",
"message": "Specified HTTP method is not allowed for the request target.",
"innerError": {
"request-id": "dfd9ae19-2774-4b10-8d74-f6f6cd21f712",
"date": "2016-05-16T14:48:02"
}
}
What am I doing wrong?
I have tried in my test tenant and results in the same error.
https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/organization
In the above document it is mentioned that we can update "marketingNotificationMails" and "technicalNotificationMails" properties alone through Update API. So I think you can't update the organization display name.
It does appear as though updates are limited on the organization entity. Please file a request to Uservoice to ask for this feature.

Resources