microsoftgraph
Investigate missing permissions for `GET /groups/{group-id}/planner`
Describe the bug
Missing permissions for GET /groups/{group-id}/planner.
To Reproduce Steps to reproduce the behavior:
- Go to Graph Explorer.
- Use
GET /groups/{group-id}/planneras the request URL - Click on the permissions tab.
- See missing permissions:
Expected behavior
Permissions for GET /groups/{group-id}/planner should be present.
Downstream tools are also missing permissions for GET /groups/{group-id}/calendar. See https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2171 for more details.
Is there any update on this? It's crippling our attempts to move to the Graph API and unfortunately the API reference isn't always a solution. Example:
I want to run Remove-MgDirectoryDeletedItem. Permissions are unavailable with Find-MgGraphCommand.
The associated Graph API documentation (https://learn.microsoft.com/en-us/graph/api/directory-deleteditems-delete?view=graph-rest-1.0&tabs=http) suggests connecting with Group.ReadWrite.All is sufficient to delete a deleted group permanently. However even when trying this using a global admin account the cmdlet returns:
Remove-MgDirectoryDeletedItem_Delete: Insufficient privileges to complete the operation.
Status: 403 (Forbidden)
ErrorCode: Authorization_RequestDenied
Date: 2023-08-04T14:47:45
Headers:
Cache-Control : no-cache
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : e54e34b6-b55b-46f4-b410-65dc30e503fd
client-request-id : 01396d73-975b-494e-bd2a-48def72683e8
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"UK South","Slice":"E","Ring":"3","ScaleUnit":"004","RoleInstance":"LO1PEPF00001D5A"}}
x-ms-resource-unit : 1
Date : Fri, 04 Aug 2023 14:47:44 GMT
Edit: I found a solution to the 403 error here: https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/92
