TeamMember.ReadWrite.All should allow removal of a Team owner

Martin Liptak 116 Reputation points Microsoft Employee
2021-07-13T19:35:37.657+00:00

I think MSGraph/Team API should not return HTTP 403 when removing an Owner from a Team, having the TeamMember.ReadWrite.All permission:

DELETE https://graph.microsoft.com/v1.0/groups/<teamId>/owners/<ownerUserObjectId>/$ref HTTP/1.1
User-Agent: Fiddler
Host: graph.microsoft.com
Content-Length: 0
Authorization: Bearer <REDACTED>

HTTP/1.1 403 Forbidden
Date: Tue, 13 Jul 2021 19:22:39 GMT
Content-Type: application/json
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000
request-id: 1230dd1f-744c-4e46-a619-f719adfed9c9
client-request-id: 1230dd1f-744c-4e46-a619-f719adfed9c9
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"AM2PEPF00005502"}}
x-ms-resource-unit: 1
Content-Length: 266

{"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2021-07-13T19:22:39","request-id":"1230dd1f-744c-4e46-a619-f719adfed9c9","client-request-id":"1230dd1f-744c-4e46-a619-f719adfed9c9"}}}

This is the description of relevant roles:
TeamMember.ReadWrite.All: Add and remove members from all teams
TeamMember.ReadWriteNonOwnerRole.All: Add and remove members with non-owner role for all teams

Shouldn't TeamMember.ReadWrite.All cover owner removal?


Accepted answer
  1. Martin Liptak 116 Reputation points Microsoft Employee
    2021-07-13T19:50:16.173+00:00

    I realized that I was calling the Groups API rather than the Teams API. The URL should be

    DELETE /teams/{team-id}/members/{membership-id}

    Now it works.

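Added example, not part of the original post and not Microsoft's code: the Teams endpoint in the accepted answer takes a membership id, not the user object id that the original Groups API call used. This sketch resolves the membership id from a GET /teams/{team-id}/members response and reports which of the two permissions quoted in the question is sufficient. The sample body and ids are constructed, the function names are hypothetical, and paging of the member list is assumed to be handled by the caller.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample body of GET /teams/{team-id}/members (ids are placeholders).
SAMPLE_MEMBERS = json.dumps({"value": [
    {"@odata.type": "#microsoft.graph.aadUserConversationMember",
     "id": "MEMBERSHIP-ID-OWNER-EXAMPLE", "roles": ["owner"],
     "userId": "11111111-1111-1111-1111-111111111111"},
    {"@odata.type": "#microsoft.graph.aadUserConversationMember",
     "id": "MEMBERSHIP-ID-MEMBER-EXAMPLE", "roles": [],
     "userId": "22222222-2222-2222-2222-222222222222"},
]})


def find_membership(members_json, user_object_id):
    """Return the member entry whose userId matches the user object id, else None."""
    wanted = user_object_id.lower()
    for member in json.loads(members_json).get("value", []):
        if (member.get("userId") or "").lower() == wanted:
            return member
    return None


def build_remove_request(team_id, members_json, user_object_id):
    """Return (method, url, sufficient_permissions) for removing the user from the team."""
    member = find_membership(members_json, user_object_id)
    if member is None:
        raise LookupError("user is not in this page of the team's member list")
    url = f"{GRAPH}/teams/{quote(team_id, safe='')}/members/{quote(member['id'], safe='')}"
    # Per the permission descriptions quoted in the question: the NonOwnerRole
    # variant covers only members without the owner role.
    permissions = ["TeamMember.ReadWrite.All"]
    if "owner" not in member.get("roles", []):
        permissions.append("TeamMember.ReadWriteNonOwnerRole.All")
    return "DELETE", url, permissions


if __name__ == "__main__":
    print(build_remove_request("TEAM-ID-EXAMPLE", SAMPLE_MEMBERS,
                               "11111111-1111-1111-1111-111111111111"))
```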
