question

KrzysztofMichalski-5691 avatar image
3 Votes"
KrzysztofMichalski-5691 asked 31108884 answered

Create shifts access denied with 403 error

Hi, I created 30 day free trial account on office 365 and then I registered app on Azure portal.

I'm testing creating new shifts by Ms graph API by executing endpoint:

https://graph.microsoft.com/v1.0/teams/{teamId}/schedule/shifts



Unfortunately I receive error 403 like below in response:

 {
     "error": {
         "code": "Forbidden",
         "message": "{\"error\":{\"code\":\"Forbidden\",\"message\":\"Sorry, you need to be an admin to do this.\",\"details\":[],\"innererror\":{\"code\":\"MissingAdminPermissions\"}}}",
         "innerError": {
             "date": "2021-08-20T08:30:02",
             "request-id": "d7595e09-3ed5-47b6-8365-e844cfee65c9",
             "client-request-id": "d7595e09-3ed5-47b6-8365-e844cfee65c9"
         }
     }
 } 

124977-image.png


I don't know where is the problem. Based on Ms Graph documentation https://docs.microsoft.com/en-us/graph/api/schedule-post-shifts?view=graph-rest-1.0&tabs=http#permissions I have gained required permission Schedule.ReadWrite.All: In fact I have granted all available permissions:


124989-image.png


Other endpoints works as expected. For example I can Get existing shifts without problems:

125011-image.png

Below is show access token received from https://login.microsoftonline.com/ endpoint:

125012-image.png

Maybe should I add some application permissions? Is my scope https://graph.microsoft.com/.default ok? Maybe here is the problem?

I would be grateful for help.


office-teams-app-devmicrosoft-graph-teamwork
image.png (105.0 KiB)
image.png (196.7 KiB)
image.png (54.6 KiB)
image.png (96.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Adding right teams/tags to assist

0 Votes 0 ·

1 Answer

31108884 avatar image
0 Votes"
31108884 answered

Having the same issues. I am creating a function app to copy shifts to a calendar and my SP is getting a 403, even though it has the 'Schedule.ReadWrite.All' and 'Schedule.Read.All' permissions and admin consent is given too.

When I access the /schedule/ from the graph explorer using my user there is no issue with the resource, it returns all shifts.
Look like a issue with Application Premissions. On https://docs.microsoft.com/en-us/graph/permissions-reference#schedule-management-permissions-private-preview I can see that for application permissions it says "private preview". If this is the issue, then I'd like to ask when will this be in "public preview" or even "ga" and is there a way to join the private preview?

Cheers,
Sia Ghassemi
Microsoft Azure MVP

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.