Dear all,
We are using MS graph API to add a member to a group and we would like to get confirmation of a permission used.$
In the docuementation :
https://learn.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=http
it is mentionned that the minimum permission required to add memeber to group are the following from least to most priviledges
GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All
If we use the permission GroupMember.ReadWrite.All it fails with permission access when adding user to group..
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Guests users are not allowed to join this Unified Group due to policy setting. paramName: Members, paramValue: , objectType: Microsoft.Online.DirectoryServices.Group",
"innerError": {
"date": "2020-06-22T08:28:11",
"request-id": "f075e729-db6a-4f87-b333-9c9c2ad146d5"
}
}
}
So to make it work we have to use the permission Group.ReadWrite.All
In which case this permission GroupMember.ReadWrite.All is used then ? I was expected I could use it to add user to group ?
Thanks for clarification
regards