I'm using the Graph Explorer on developer.microsoft.com to query shared calendars.
Example:
https://graph.microsoft.com/v1.0/users/user#my.com/calendarview?startdatetime=2018-04-19T19:25:06.250Z&enddatetime=2018-04-26T19:25:06.250Z
This works fine on calendars where I have Reviewer or Full Details access. Calendars where I have Free/Busy, subject, location, I get a 404 and response like this:
{
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store.",
"innerError": {
"request-id": "9f9e950f-038e-4411-b813-10a76d4b94fa",
"date": "2018-04-19T19:42:48"
}
}
}
I can open the same calendar with my Outlook client no problem.
My question is, are all of the different permission levels that you see in the Outlook client not supported by Graph? Or is there something I'm doing wrong?
The permissions are consistent with Outlook and Exchange Web Services the difference is when you have "Free/Busy, subject, location" (or even one of the lesser) you only have rights to view the FreeBusy data of the Mailbox you don't have permissions to query the calendar directly which is what your trying to do so the error your receiving is consistent with that fact (and is what you would see in any of the other API's). Outlook (since 2007) uses the getuseravailability when querying the FreeBusy data for a user (which is where that right is valid) the equivalent in graph would be findMeetingTimes https://developer.microsoft.com/en-us/graph/docs/concepts/findmeetingtimes_example
https://graph.microsoft.com/v1.0/me/findMeetingTimes
(I don't think this is quite there on feature parity with EWS and Outlook on FreeBusy data though but its getting there)
Related
I am currently using the Microsoft graph API to get events from Outlook, but I would like to change to the calendarView endpoint instead. However, I am facing a number of challenges when using delta links on other users calendars with delegated access.
My first call to the delta endpoint works as intended, but when I try to use the link in #odata.nextLink for next delta data I get an permission error - and can't see what should cause this error
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"date": "2022-12-06T18:03:31",
"request-id": "961ca04c-0000-0000-0000-000000000000",
"client-request-id": "2dc7f5ea-0000-0000-0000-000000000000"
}
}
}
Delta querying works fine when done on the events endpoint so I am a bit lost in what to check for?
As you said you are facing challenges while using delta links on other users calendars with delegated access. For accessing other user data ,which required application permission , where as delegated permission required user to signIn , please check the doc for more info regarding delegated permission vs application permission .
Could you please try adding Calendars.Read application permission instead of delegated permission - https://learn.microsoft.com/en-us/graph/api/event-delta?view=graph-rest-1.0&tabs=http.
Hope this helps
Thanks
I ran into this issue recently and found a partial answer at https://learn.microsoft.com/en-us/answers/questions/587998/deltatoken-for-calendar-events-requiring-elevated.html
I asked my Active Directory admin to give manage access for the account associated with my bearer token, and the delta events are now working. That is, myuser#example.com now has manage permissions for shared-calendar-user#example.com. This isn't ideal, but it's acceptable for my use case.
We have created a WP that we have published to Teams that would give owners the possibility to modify the external sharing setting ("AllowToAddGuests") from a tab in their Teams.
We are experiencing a problem when we try to do the set of AllowToAddGuests using an owner account.
The Teams app has :
{
"resource": "Microsoft Graph",
"scope": "Directory.ReadWrite.All"
}
As per MS Graph docs
https://learn.microsoft.com/en-us/graph/api/directorysetting-update?view=graph-rest-beta&tabs=http
should work fine with delegated.
If I execute the graph call in the graph explorer using the owner user it gives the same access error.
All permissions are granted at admin level.
If a global admin is used, then all works fine.
The error I am receiving is the following:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2020-07-02T15:18:56",
"request-id": "84fe9be9-a4b0-4023-93e6-68dd780ce2ea"
}
}
}
Has the owner the possibility to change the flag AllowToAddGuests or should I do this via an App reg?
Thanks for the answers.
Alex
I am posting this here so that if anybody looks for the same information, they have it here.
At the time of this writing, the answer we got from Microsoft is that for this call to work, the user performing the call (in our case one of the owners) needs to also be a Group Administrator. For our use case this was not doable as any user in the company can potentially be an owner of a MS Teams.
The solution we have chosen is to use application permission with Directory.ReadWrite.All to perform the call. This works as expected now.
Microsoft has also promised they will update the documentation in order to include the current information.
Microsoft Graph API provides a method to move a mail message to a different folder:
POST /users/{id | userPrincipalName}/messages/{id}/move
This works fine when moving a mail message around local folders, but returns a 404 when moving a mail message to or from a Public folder.
{
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store., The process failed to get the correct properties.",
"innerError": {
"request-id": "53cf2d12-b551-4fa5-97c4-0d70c99013ec",
"date": "2020-04-03T16:20:08"
}
}
}
Note that the mail message is moved successfully.
The documentation is a bit unclear about support for Public folders, but most operations appear to work ok, so I'm not sure if this is something I'm doing wrong, something not supported or a bug.
Public folders are not supported by Microsoft Graph. From https://learn.microsoft.com/graph/outlook-mail-concept-overview#where-is-the-data:
Where is the data?
The Microsoft Graph API supports accessing data in users' primary
mailboxes and in shared mailboxes. The data can be calendar, mail, or
personal contacts stored in a mailbox in the cloud on Exchange Online
as part of Office 365, or on Exchange on-premises in a hybrid
deployment.
The API does not support accessing in-place archive mailboxes, not on
Exchange Online nor on Exchange Server.
I've created a web app with Microsoft Graph API and it has been completed/tested and everything is working as expected. This web app is aimed to create calendar events for our Office 365 users. Right now there are a total of 9 users that calendar events are created for and two of them are having issues.
This is the specific response I get from Microsoft Graph API if I'm creating a calendar event for a user that is having issues:
Message:
{
"error": {
"code": "ResourceNotFound",
"message": "Resource could not be discovered.",
"innerError": {
"request-id": "4d6efba0-fce2-4abe-9f60-be3df8b55d6f",
"date": "2018-08-29T15:26:58"
}
}
}
I know that everything I'm doing is correct as the other seven users have no issues so the issue must be with the office 365 account its self. I've looked into account settings/permissions and everything I've checked is identical to a user that is working.
One of the biggest issues I'm facing with this problem is I don't understand the error its self. When it says "ResourceNotFound" my guess is that it's saying that it can't find the user account even though it does exist.
My question is what should be the next steps be in order to find a resolution? Should I see if I can recreate the mailboxes and transfer the email from the broken account to a new account? Or should I continue to try to find the root problem?
We have an issue accessing the attachment(s) of an event created in a O365 Group when using the Graph. The event is created in the group calendar, the group is set to public and can be accessed by the user requesting the event. Using the Graph Explorer we can access the event by using the following:
https://graph.microsoft.com/v1.0/groups/groupid/events/eventid
However using the: https://graph.microsoft.com/v1.0/groups/groupid/events/eventid/attachments results in a 403 error:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "af65c3ce-6f00-4137-817b-fa1a069d820e",
"date": "2018-08-06T09:02:26"
}
}
}
The issue can be replicated in either using the Graph Explorer or any other method. Obviously we have checked the permissions and Calendar.Read has been applied, but even after checking all permissions boxes available in the Graph Explorer (or AD App Registration) a 403 still occurs regardless of the selected permissions.
Any call to the attachment endpoint results in a success for events that are in a user’s calendar and it seems to be only occurring when retrieving events for a group. There seems no changes in behavior whether the group is public or private, nor using either the /beta or the /v1.0 endpoint.
The intellisense in the graph explorer does shows /attachment to be an option but always return a 403 when requested.
Any insights or tips on how to retrieve attachements for events created in a group would great.
I can reproduce your scenario from my end as well.
Tried using Graph Explorer, Console project and ASP.NET MVC (can download the sample from this link)
I have read through the attachment_get Microsoft document, however I can't find any API for your case. I presume there is no such function atm.
I recommend you to raise a ticket from your end to the OfficeDev.
PS: I had an unusual access is denied error when I tried to access group in ASP.NET MVC sample although I'm logged in with admin account, and it still shows access request is denied.
https://learn.microsoft.com/en-us/graph/api/resources/attachment?view=graph-rest-1.0
Events in group calendars do not support attachments.
Last year (an entire year after this question was asked) Microsoft finally clarified in the Graph docs that group events do not support attachments.