Getting "Insufficient Privileges" Error Message, with Inner Error message: "AclCheckFailed-Can't parse Member Role"

Question

Getting "Insufficient Privileges" Error Message, with Inner Error message: "AclCheckFailed-Can't parse Member Role"

Abiodun 40

I'm currently using the MS Graph API to send Teams messages to a channel

This works fine except for the set reaction api

POST /teams/{teamsId}/channels/{channelId}/messages/{chatMessageId}/setReaction

POST /teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/setReaction

Returns the error message:

{
    "error": {
        "code": "Forbidden",
        "message": "InsufficientPrivileges",
        "innerError": {
            "code": "1",
            "message": "AclCheckFailed-Can't parse Member Role ''",
            "date": "2025-05-13T17:44:36",
            "request-id": "d982ee52-02e4-4f96-9cca-27d843707c5d",
            "client-request-id": "d982ee52-02e4-4f96-9cca-27d843707c5d"
        }
    }
}

The documentation specifies that the ChannelMessage.Send permission is required

When I decode my JWT access token, here are the scopes included;

"scp": "ChannelMember.Read.All ChannelMessage.Send Chat.ReadWrite.All ChatMessage.Read ChatMessage.Send email Files.ReadWrite GroupMember.Read.All openid profile Sites.Read.All Sites.ReadWrite.All TeamMember.Read.All User.Read User.Read.All",

Which includes the required permission, also on APP API Permissions.

CleanShot 2025-05-13 at 18.49.17@2x

Been on it for hours and can't figure it out, the access token works for sending and updating messages, so not sure why it doesn't work to set reactions.

Abiodun 40 Reputation points

2025-05-14T14:43:19.16+00:00

Hello, please can someone help take a look here
Seth Wright 0 Reputation points

2025-05-21T17:53:44.2333333+00:00

I'm also receiving this error. Confirmed the scopes I retrieve are appropriate.
Saied Taki 5 Reputation points

2025-05-21T18:02:19.9566667+00:00

Try adding ChannelMember.ReadWrite.All and ChatMessage.ReadWrite.All to your app permissions and grant admin consent.
Mostly the error mentions "AclCheckFailed-Can't parse Member Role", which could mean your app isn't recognised as a valid member of the team/channel.
You can try adding the app as a member of the team and check if any tenant policies or restrictions are affecting its permissions. Also, reviewing the app's logs might provide more insight. If you've already checked these aspects, then the issue might lie elsewhere.
Seth Wright 0 Reputation points

2025-05-21T18:52:14.44+00:00

@Saied Taki appreciate the suggestion. Unfortunately this did not resolve the issue. I'm able to post messages, attachments, etc with same token (w/ user delegated permissions), but adding/removing reactions gives this error.

Would appreciate any additional suggestions!
John Hamilton 1 Reputation point

2025-05-22T17:31:58.32+00:00

This has been affecting my SoftDeletes for weeks. Has anyone actually figured this out? I have a ticket in with MS right now but that could be weeks to resolve. Something changed.

1 answer

Your answer

Abiodun 40 Reputation points

2025-05-14T14:43:19.16+00:00

Hello, please can someone help take a look here
Seth Wright 0 Reputation points

2025-05-21T17:53:44.2333333+00:00

I'm also receiving this error. Confirmed the scopes I retrieve are appropriate.
Saied Taki 5 Reputation points

2025-05-21T18:02:19.9566667+00:00

Try adding ChannelMember.ReadWrite.All and ChatMessage.ReadWrite.All to your app permissions and grant admin consent.
Mostly the error mentions "AclCheckFailed-Can't parse Member Role", which could mean your app isn't recognised as a valid member of the team/channel.
You can try adding the app as a member of the team and check if any tenant policies or restrictions are affecting its permissions. Also, reviewing the app's logs might provide more insight. If you've already checked these aspects, then the issue might lie elsewhere.
Seth Wright 0 Reputation points

2025-05-21T18:52:14.44+00:00

@Saied Taki appreciate the suggestion. Unfortunately this did not resolve the issue. I'm able to post messages, attachments, etc with same token (w/ user delegated permissions), but adding/removing reactions gives this error.

Would appreciate any additional suggestions!
John Hamilton 1 Reputation point

2025-05-22T17:31:58.32+00:00

This has been affecting my SoftDeletes for weeks. Has anyone actually figured this out? I have a ticket in with MS right now but that could be weeks to resolve. Something changed.

Answer 1

Saied Taki 5

You can check Teams policies in the Microsoft Teams Admin Center to ensure external apps can interact with Teams.Debug Using Logs

Review the Graph API request logs for additional details. Use https://jwt.ms/ to decode the access token and confirm the scopes.

Test with Delegated vs. Application Permissions

If using application permissions, try switching to delegated permissions.

John Hamilton 1 Reputation point

2025-05-22T17:27:56.6266667+00:00

Can you elaborate on "You can check Teams policies in the Microsoft Teams Admin Center to ensure external apps can interact with Teams.Debug Using Logs".

This problem is also affecting "SoftDelete"

Share via

Getting "Insufficient Privileges" Error Message, with Inner Error message: "AclCheckFailed-Can't parse Member Role"

1 answer

Your answer