2

When trying to do a DELETE operation using this request https://graph.microsoft.com/v1.0/drives/{drive-id}/items/{item-id}/permissions/{perm-id}, the Microsoft Graph has started returning an HTTP 403 with this body:

{
    code: "notAllowed"
    innerError: {request-id: "6f8821bc-bb2a-46ba-89c8-99238765e27f", date: "2019-04-19T09:48:04"}
    message: "Operation not allowed"
}

This is extremely critical since we no longer have a way to remove permissions that we have added to a folder in a SharePoint site. We see that this problem is now affecting more and more tenants. Microsoft support has not been very helpful so far so I don't know where to take this. I think the problem is caused as a side-effect of work on the permission model in SharePoint/Microsoft Teams.

The strange thing is that it works when adding the new preview permissions scope Sites.FullControl.All while Files.ReadWrite.All or Group.ReadWrite.All does not work

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
Jorgen Solberg
  • 185
  • 9
  • The strange thing is that it works when adding the new preview permissions scope Sites.FullControl.All while Files.ReadWrite.All or Group.ReadWrite.All does not work – Jorgen Solberg Apr 20 '19 at 07:37
  • It seems we are seeing more and more 403 scenarios in the graph @marc-lafleur. Seems there are some issues with the required permission scopes, like in this case where Sites.FullControl.All is suddenly required to delete a permission on a folder in an Offic3 365 Group SharePoint site. – Jorgen Solberg Apr 22 '19 at 20:10

1 Answers1

1

this was definitely a bug and we've tracked down the cause and disabled the problematic code. In the future I'd recommend creating issues over at https://github.com/OneDrive/onedrive-api-docs/issues for regressions in the OneDrive and SharePoint APIs as there are lot more eyes on it and there'll definitely be better traction.

Brad
  • 4,089
  • 2
  • 16
  • 26