Change Plan's Owner/Group - Required Permissions missing - microsoft-graph-api

When attempting to update a Planner Plan's group using PATCH, updates to the owner field fail with 403. The attempt is being made using the Graph Explorer (and also fails using Postman).
An attempt to change the title field succeeds (no issue with permissions, using eTag, etc.) for the call.
The documentation indicates Groups.ReadWrite.All is required, and that the owner can only be changed by the Group Owner, but the account being used is the owner of the unified group.
Are there any additional permissions required?
Example info:
If-Match: W/"JzEtUGxhbiAgQEBAQEBAQEBAQEBAQEBARCc="
PATCH https://graph.microsoft.com/beta/planner/plans/Vk_27olfLESU6vWJNgzVT2UABrBj
BODY:
{
  "title": "Updated plan with new group owner",
  "owner": "0ab4b389-7c7c-4757-ac75-2ba5de8c8197"
}
RESPONSE:
{
  "error": {
    "code": "",
    "message": "You do not have the required permissions to access this item, or the item may not exist.",
    "innerError": {
      "request-id": "7696b78c-474f-4fc0-bba9-4554bfe303c4",
      "date": "2018-11-14T16:50:59"
    }
  }
}

The documentation in this case is misleading/incorrect (it is trying to say the field owner can only be updated by the principal identified by the value of the owner field, which is a group that cannot actually perform operations, not the owner of that group). We'll update the documentation and clarify.
We currently do not allow Plans to be moved between groups, as some of the related items mostly live within the group itself (e.g. membership, comments, document links). We'd like to understand your scenario better to see if we could support it, so please provide feedback on https://planner.uservoice.com.

Related

Group proxyAddress - Cannot Update from Graph API - Get Permissions Issue

It is unlikely that the account that I'm using to call Graph API doesn't have adequate permissions, but whenever I modify the proxyAddress property of an Office 365 Group, I receive the following error:
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "The requesting application is not authorized to set group proxy addresses.",
    "innerError": {
      "date": "2022-01-17T12:01:39",
      "request-id": "328be4b4-eb20-483e-adf7-bb02dfae3be2",
      "client-request-id": "cabb604f-b315-be14-9ba0-9b0571ba7b1b"
    }
  }
}
If I PATCH without modifying the proxyAddress property at all, then I don't get this error, but whenever I modify the payload for proxyAddress at all, I get this error.
Example, PATCH:
{
  "proxyAddresses": [
    "SPO:SPO_269b2269-296d-43f4-b67e-88b6f32a7fcd@SPO_af6dd7da-54b5-411e-bab8-0b31f96e9e42",
    "smtp:twg35@lincdev.com",
    "SMTP:twg35aaa@lincdev.com",
    "smtp:twg35@linc.onmicrosoft.com",
    "smtp:twg35aab@lincdev.com"
  ]
}
I can change other properties and I can successfully set proxyAddress when I create the group, but updates always fail with error. Also, I've tried updating the mailNickname property and this has no effect. I can also update this value from the Office 365 Admin UI by modifying the email (primary / alias) and accomplish exactly what I'm after.
Can someone confirm that this isn't possible via Graph API or can you confirm / help me with the process or permission to accomplish this?
According to the documentation, the group proxyAddresses property is read-only. It cannot be updated.

Couldn't retrieve teams from graph api - GetThreadS2SRequest Not found

I have a global administrator account who consented to have access to microsoft teams.
Then using graph api https://graph.microsoft.com/beta/groups?$filter=resourceProvisioningOptions/Any(x:x eq 'Team').
It returned the list of groups for this tenant.
However, when I called https://graph.microsoft.com/beta/teams/{id}, some of the ids worked but some of them returned
"error": {
  "code": "NotFound",
  "message": "Failed to execute Skype backend request GetThreadS2SRequest.",
  "innerError": {
    "date": "2021-05-17T06:04:19",
    "request-id": "02f0a689-eca6-4b0d-9f0f-9d3e876d8f08",
    "client-request-id": "02f0a689-eca6-4b0d-9f0f-9d3e876d8f08"
  }
}
In addition, I used https://graph.microsoft.com/v1.0/groups/{id} and it returned the group information correctly.
So why did the Graph API return NotFound when it is a valid team group?
Thanks,
Karen
I guess there is some confusion around teams and groups.
Not all groups have a team. Any group that has a team has a resourceProvisioningOptions property that contains "Team".
Please note that the group has the same ID as the team. Every team is associated with a group but not vice-versa. When you get NotFound, this is because that group doesn't have a team associated, so accessing https://graph.microsoft.com/beta/teams/{id} will give you 404.
Thus,
https://graph.microsoft.com/v1.0/groups/{id}/team is the same as https://graph.microsoft.com/v1.0/teams/{id}.
Please refer to the Teams and groups section in this documentation to understand better.

ErrorItemNotFound when trying to retrieve room calendar via MS Graph API

Next to retrieving calendar views of a user's calendar (on behalf of the user), we are trying hard to also get the calendar view of rooms via the Graph API using
https://graph.microsoft.com/beta/users/room1@ourdomain.com/calendarView. It's a painful process since we've been running into many problems and are currently stuck with the following 404 response:
https://graph.microsoft.com:443/v1.0/users/room1@ourdomain.com/calendarView?startDateTime=2018-12-04T23:00:00.000Z&endDateTime=2019-02-10T22:59:59.999Z
{
  "error": {
    "code": "ErrorItemNotFound",
    "message": "The specified object was not found in the store.",
    "innerError": {
      "request-id": "358a003a-57a4-4f0e-91da-edc17c1fa2d8",
      "date": "2018-12-12T07:38:33"
    }
  }
}
The email address of the room has been double checked and the resource exists, since we can create appointments with it and it is even being returned in the response when we retrieve the calendar of the user who has an appointment in that location.
App permissions and OAuth2 scopes are set to: openid email profile offline_access https://graph.microsoft.com/Calendars.Read https://graph.microsoft.com/Calendars.Read.Shared https://graph.microsoft.com/User.Read
https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/User.Read.All, so that should not be an issue, judging by the documentation.
Does anyone know how to solve this?
I've tried all possible ways, but there is no way to get access.
This is what I've tried in the Graph Explorer:
https://graph.microsoft.com/v1.0/users/meetingroom1@domain.com/events -> DelegatedCalendarAccessDenied
https://graph.microsoft.com/v1.0/users/meetingroom1@domain.com/calendarView?startDateTime=2019-01-14&endDateTime=2019-01-18 -> ErrorItemNotFound
https://graph.microsoft.com/v1.0/users/meetingroom1@domain.com/calendar/calendarView?startDateTime=2019-01-14&endDateTime=2019-01-18 -> ErrorItemNotFound
All three on both the v1.0 and the beta.
It isn't an issue with rights, because for my testing I granted the Graph Explorer the Directory.ReadWrite.All scope. Resulting in the following scp claim.
The first request seems the most promising (because of the different error). I also made myself a delegate with full control of the rooms-mailbox. That still didn't help.
A request to https://graph.microsoft.com/v1.0/users/meetingroom1@domain.com gives a result, as in a result describing the meetingroom.
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
  "businessPhones": [],
  "displayName": "Meeting room 1",
  "givenName": null,
  "jobTitle": null,
  "mail": "meetingroom1@domain.com",
  "mobilePhone": null,
  "officeLocation": null,
  "preferredLanguage": null,
  "surname": null,
  "userPrincipalName": "meetingroom1@domain.com",
  "id": "3e0a7b7e-xxxx-xxxx-xxxx-xxxxcxxxx120"
}
After doing all these tests, I can only conclude that you cannot access the events in a rooms mailbox. This is either intended (as in only use the scheduling assistant) or a bug.
Maybe some of the Microsoft guys around here could clarify this?
FINALLY! After going through this with countless Microsoft support people, each of whom said this was not their territory and did not know where to forward the question, I got in touch with somebody from the Exchange team. He suggested the one thing that worked for us: the user on behalf of which you are retrieving the room resource calendar needs to be a delegate of that room resource!
In addition, to retrieve the list of room resources which the user can select from, we needed to use the findRooms endpoint but this only works on the beta API. The only drawback of this is that you cannot seem to filter for rooms of which the user is a delegate. So the user will get a list of rooms for which he might or might not be able to retrieve the calendar.
A final drawback of the room resource calendarView response is that the response does not contain the names of the meetings planned in the rooms. The description of each event only contains the name of the meeting organizer.
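
Added example, not part of the original thread: the posts above check the token's scp claim before concluding that the failure was not a scope problem (the fix turned out to be room-mailbox delegation). This Python sketch decodes an access token's payload for diagnosis and reports which required scopes are absent; the function names and the sample token are constructed for illustration.

```python
import base64
import json


def _decode_segment(segment: str) -> dict:
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def token_claims(access_token: str) -> dict:
    """Return the payload claims. Diagnostic only: the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return _decode_segment(parts[1])


def granted_permissions(claims: dict) -> set:
    # Delegated tokens carry a space-separated "scp" string;
    # app-only tokens carry a "roles" list instead.
    return set(claims.get("scp", "").split()) | set(claims.get("roles", []))


def missing_scopes(access_token: str, required: list) -> list:
    granted = {p.lower() for p in granted_permissions(token_claims(access_token))}
    return sorted(s for s in required if s.lower() not in granted)


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned token so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


SAMPLE = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "scp": "Calendars.Read Calendars.Read.Shared User.Read",
})

if __name__ == "__main__":
    print(missing_scopes(SAMPLE, ["Calendars.Read.Shared", "Directory.ReadWrite.All"]))
```

An empty result means the token already carries the scopes, so the denial comes from resource-level authorization such as the room-mailbox delegation described above.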

Discard API in Microsoft Graph for sharepoint gives Unsupported segment type. ODataQuery:

We are trying to integrate SPOnline in our product for which we need cancel checkout.
I saw the
https://graph.microsoft.com/beta/sites/<siteid>/drive/items/01QLNXZVV4M75S2HYNTBF32HGY3ZZ6MAGT/discard
api but it is giving
{
  "error": {
    "code": "BadRequest",
    "message": "Unsupported segment type. ODataQuery: sites/<siteid>/drive/items/01QLNXZVV4M75S2HYNTBF32HGY3ZZ6MAGT/discard",
    "innerError": {
      "request-id": "a3e5a861-3dd6-47a2-b111-fc9087a07b03",
      "date": "2018-06-08T03:51:30"
    }
  }
}
Is there any way we can cancel a checkout using our code?
Also another issue which I saw was if I checkout file from user "A" in a different org then a user "B" in another org is not able to see the checkout. It appears in the UI but the api ?select=publication gives status published to user B? Is it as designed or an issue?
I'm not sure where you got /discard from but there is no such endpoint in Microsoft Graph.
You can revert a file to a previous version using /restoreVersion but there is currently not a method to simply "undo" or "discard" a /checkout. You would need to /checkin in order to unlock the file and then restoreVersion to back out any bump in the version number.

Unable to update organization properties

I've encountered a problem while trying to update organization's properties using Microsoft Graph API. I've followed these docs and tried it in graph explorer.
My request looks like this:
{ "displayName": "My Company Name" }
Whatever I do I always get the following error:
"error": {
  "code": "Request_BadRequest",
  "message": "Specified HTTP method is not allowed for the request target.",
  "innerError": {
    "request-id": "dfd9ae19-2774-4b10-8d74-f6f6cd21f712",
    "date": "2016-05-16T14:48:02"
  }
}
What am I doing wrong?
I have tried in my test tenant and results in the same error.
https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/organization
In the above document it is mentioned that we can update "marketingNotificationMails" and "technicalNotificationMails" properties alone through Update API. So I think you can't update the organization display name.
It does appear as though updates are limited on the organization entity. Please file a request to Uservoice to ask for this feature.
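
Added example, not from the original answers: the threads on this page about the plan owner, group proxyAddresses and organization properties all fail because the PATCH body carries a property the endpoint does not accept, each with a different error code. This Python sketch flags such properties before the request is sent; the rule table only transcribes what the answers on this page state (it is not an official or complete list), and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Rules transcribed from the answers on this page; not an official or complete list.
# "deny": the listed properties are rejected. "allow": only the listed ones are accepted.
RULES = [
    (re.compile(r"^/planner/plans/[^/]+$"), "deny", {"owner"}),
    (re.compile(r"^/groups/[^/]+$"), "deny", {"proxyAddresses"}),
    (re.compile(r"^/organization/[^/]+$"), "allow",
     {"marketingNotificationMails", "technicalNotificationMails"}),
]


def resource_path(url: str) -> str:
    # Drop the host and the API version segment so v1.0 and beta share rules.
    path = urlsplit(url).path.rstrip("/")
    return re.sub(r"^/(v1\.0|beta)(?=/)", "", path)


def rejected_properties(url: str, body: dict) -> list:
    """Properties in a PATCH body that the service will refuse, per RULES."""
    path = resource_path(url)
    for pattern, mode, props in RULES:
        if pattern.match(path):
            sent = set(body)
            return sorted(sent & props if mode == "deny" else sent - props)
    return []  # no rule for this resource: nothing known to be rejected


def writable_subset(url: str, body: dict) -> dict:
    # The part of the body that can still be sent on its own.
    blocked = set(rejected_properties(url, body))
    return {k: v for k, v in body.items() if k not in blocked}
```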
