Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,308 questions
Any News about this?
Access denied Microsoft Graph Deamon App with SDK Outlook List of Events, with Rights set
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 40%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Reto Rümmeli
5
Reputation points
Hi Roboter
Access denied Microsoft Graph Deamon App with SDK Outlook List of Events, with Rights set
I have set up a new application in Azure and reset the permissions several times. (see the Permissions below)
But unfortunately it does not work
I wonder why the Event.add, Event.update and Event.delete queries work, but the listing does not.
All rights I have setup the rights on.
Can someone please give me correct and qualified information why it does not work?
Many Thanks
Here is the code for creating the GraphserviceClient.
public GraphServiceClient GetGraphClientWithIdentity() {
if (_graphServiceClient != null)
return _graphServiceClient;
var instance = _configuration.GetValue<string>("AzureAd:Instance");
var apiurl = _configuration.GetValue<string>("AzureAd:ApiUrl");
var tenant = _configuration.GetValue<string>("AzureAd:Tenant");
var tenantId = _configuration.GetValue<string>("AzureAd:TenantId");
var clientId = _configuration.GetValue<string>("AzureAd:ClientId");
var clientSecret = _configuration.GetValue<string>("AzureAd:ClientSecret");
string[] scopes = new[] { "https://graph.microsoft.com/.default" };
//var authority = String.Format(CultureInfo.InvariantCulture, instance, tenant);
// TokenCredentialOptions for Cloud
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
return graphClient;
}
Here is the code for the requests that work.
// Create Client
var graphClient = _graphClient.GetGraphClientWithIdentity();
// OK
users = await graphClient.Users.Request().GetAsync(); calendars = await graphClient.Users[userid].Calendars.Request().GetAsync(); mailfolders = await graphClient.Users[userid].MailFolders.Request().GetAsync(); organizations = await graphClient.Organization.Request().GetAsync(); categories = await graphClient.Users[userid].Outlook.MasterCategories.Request().GetAsync(); var evsendInsert = await graphClientService.Users[userid_1].Events.Request().AddAsync(@event); // Event Update OK var evsendUpdate = await graphClientService.Users[userid_1].Events[eventid].Request().UpdateAsync(@event); // Event Delete OK await graphClientService.Users[userid_1].Events[eventid].Request().DeleteAsync();
// Do not Work
var events = await graphClient.Users[userid].Events.Request().GetAsync();
var events = await graphClient.Users[userid].Calendars[firstCalendarID].Events.Request().GetAsync();
The rights
Calendars.Read
Calendars.ReadBasic.All
Calendars.ReadWrite
Directory.Read.All
Directory.ReadWrite.All
Group.Read.All
Group.ReadWrite.All
Mail.Read
Mail.ReadBasic
Mail.ReadBasic.All
Mail.ReadWrite
Mail.Send
User.Read
User.Read.All
User.ReadBasic.All
User.ReadWrite.All
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 0%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZY%3C/text%3E%3C/svg%3E)
Zehui Yao_MSFT 5,871 Reputation points2023-02-13T09:36:08.7666667+00:00 Hi @Reto Rümmeli , we are currently doing research on this issue and will let you know as soon as possible.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 84%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Codelab.com 0 Reputation points2023-02-20T08:18:21.3866667+00:00 Hi Roboter, any news?
Sign in to comment
3 answers
Sort by: Most helpful
-
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
-
Zehui Yao_MSFT 5,871 Reputation points
2023-02-20T10:12:07.2666667+00:00 Hi @Reto Rümmeli , I set the same permissions as you and can reproduce the same error. Then after my testing, I found that when the
Calendars.ReadBasic.Allpermission was granted, I couldn't list events. When theCalendars.ReadBasic.Allpermission is removed, the API can run successfully.It looks like the
Calendars.ReadBasic.Allpermission conflicts with other permissions.Hope that can help you. Best Wishes.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.-
Zehui Yao_MSFT 5,871 Reputation points
2023-03-01T07:36:45.8566667+00:00 Hi @Reto Rümmeli , does this issue persist? Would you mind providing an update on the status of this issue?
Sign in to comment -