2

I'm trying to create a folder into Drive of Teams private channel. But request is failing with 403 Forbidden I'm owner of that particular channel,

Also I can create folders manually using SharePoint website.

Request

POST /v1.0/drives/b!43py0EBpI0asOUgEnAjaxRc2cYcM2vtIiHHa72kTXpcOCBkq9GQrQ7r0s1d0OtUD/items/013ATLYCIOMYJZSH2AZRFZBWU27JWYBIM4/children HTTP/1.1
Host: graph.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Authorization: Bearer <snipped>
client-request-id: 30bba4ae-50da-4347-9654-256bb84739d7
Content-Type: application/json
If-Modified-Since: Mon: 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Origin: https://localhost:44349
DNT: 1
Connection: keep-alive
Referer: https://localhost:44349/web/

{"name":"2020-03-22 - Private channel","folder":{},"@microsoft.graph.conflictBehavior":"fail"}

Response

HTTP/1.1 403 Forbidden
Cache-Control: private
Content-Type: application/json
request-id: 41fa0e4c-f79a-4626-b152-2fc7e3c7cd50
client-request-id: 30bba4ae-50da-4347-9654-256bb84739d7
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"South India","Slice":"SliceC","Ring":"3","ScaleUnit":"000","RoleInstance":"AGSFE_IN_3"}}
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Location, Preference-Applied, Content-Range, request-id, client-request-id, ReadWriteConsistencyToken, SdkVersion
Strict-Transport-Security: max-age=31536000
Date: Wed, 18 Mar 2020 09:10:32 GMT
Content-Length: 256

{
  "error": {
    "code": "accessDenied",
    "message": "The caller does not have permission to perform the action.",
    "innerError": {
      "request-id": "41fa0e4c-f79a-4626-b152-2fc7e3c7cd50",
      "date": "2020-03-18T09:10:33"
    }
  }
}
Update

when we add Sites.ReadWrite.All to our scope it works But we have already have Files.ReadWrite.All and we can create folder in other drives without any isues

AbdulKareem
  • 1,199
  • 8
  • 24
  • Could you please confirm if you have all the necessary permissions to make this graph api call? – Gousia Begum Mar 18 '20 at 10:48
  • @Gousia-MSFT updated questions regarding permission scopes. Folder creation works for other drives without ` Sites.ReadWrite.All` , but it fails for this particular drive – AbdulKareem Mar 18 '20 at 11:21
  • @Gousia-MSFT we already have `Files.ReadWrite.All` permiision scope that should be sufficient for folder creation – AbdulKareem Mar 18 '20 at 12:48
  • Are you saying that when you have added Sites.ReadWrite.All it works? So is the issue resolved? – Gousia Begum Apr 03 '20 at 09:59
  • Because for all other drives it works just with `Files.ReadWrite.All` But for private channel it requires `Sites.ReadWrite.All` , I think it should just work with `Files.ReadWrite.All`. Also we have `Group.ReadWrite.All` . Our customers are hesitant to give `Sites.ReadWrite.All` permission to our application as its exposes all sharepoint sites user has access to – AbdulKareem Jun 12 '20 at 12:08

0 Answers0