Share via

Microsoft Graph GetStaffAvailability Forbidden error

Shruthi Sridhar 20 Reputation points
2025-03-19T15:34:29.04+00:00

Forbidden - 403 - 292 ms. Either the signed-in user does not have sufficient privileges, or you need to consent to one of the permissions on the Modify permissions tab.

  "staffIds": [

        "<staffid>"

    ],

    "startDateTime": {

        "dateTime": "2025-03-21T00:00:00",

        "timeZone": "UST"

    },

    "endDateTime": {

        "dateTime": "2025-03-22T17:00:00",

        "timeZone": "UST"

    }

}     I have permissions for Bookings.Manage.all and Bookings.ReadWrite.All. Although admin granted permission for calender its not reflecting in my access token. "scp": "Bookings.Manage.All Bookings.Read.All Bookings.ReadWrite.All BookingsAppointment.ReadWrite.All openid profile User.Read email". Any leads on that?

Microsoft Security | Microsoft Graph
0 comments

Answer accepted by question author

AI answer

2025-03-19T15:34:29.0433333+00:00

The 403 Forbidden error you are encountering when trying to access the GetStaffAvailability endpoint in Microsoft Graph typically indicates that the signed-in user does not have the necessary permissions or that consent for the required permissions has not been granted.

In your case, you mentioned having permissions for Bookings.Manage.All and Bookings.ReadWrite.All, but it seems that the calendar permissions are not reflecting in your access token. Here are a few steps you can take to troubleshoot this issue:

  1. Check Admin Consent: Ensure that the admin has granted consent for all required permissions, including those related to calendar access. Sometimes, even if you have the permissions assigned, they may not be effective until admin consent is fully granted.
  2. Verify Access Token: Make sure that the access token you are using includes all the necessary scopes. You can decode the JWT token to check the scp claim to confirm that the required permissions are present.
  3. Modify Permissions Tab: If you see a message indicating that you need to consent to permissions on the Modify permissions tab, you might need to navigate to that section and ensure that all necessary permissions are granted.
  4. Token Expiration: If permissions were recently modified, ensure that you are using a fresh access token. Tokens can be cached, and you may need to request a new one to reflect the updated permissions.
  5. Contact Support: If the issue persists after checking the above points, consider reaching out to Microsoft support for further assistance.

References:

AI-generated content may be incorrect. Read our transparency notes for more information.

Was this answer helpful?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.