question

ChristosGiannacopoulos-1395 asked ChetanSharmamsft-3456 commented

Access denied when deleting Teams member

I am trying to delete a Teams member using Microsoft Graph Explorer. I am receiving the error:

Forbidden - 403 - 744ms. You need to consent to the permissions on the Modify permissions (Preview) tab

However, the Modify Permissions tab shows TeamMember.ReadWrite.All as Consented. What am I missing?


@ChristosGiannacopoulos-1395,

As we are mainly responsible for general questions about Microsoft Teams, your question related to Microsoft Graph is not in our scope. I will change the office-teams-windows-itpro tag to the office-teams-app-dev tag for this thread. Someone checking this tag will give you more insights.

0 Votes 0 ·

Thanks for the replies.

The user is an owner of the team.
The user has Teams (and Groups) Administrator role assigned.

Any other ideas?





0 Votes 0 ·
CarlZhao-MSFT ChristosGiannacopoulos-1395 ·

Hi, @ChristosGiannacopoulos-1395 The problem should be with the role you grant. You should choose Active instead of Eligible for the grant type.


0 Votes 0 ·

Dear @ChristosGiannacopoulos-1395

If the answer is helpful, please click "Accept Answer" and kindly upvote it.

0 Votes 0 ·
pvanberlo answered

Are you trying to run this against a team you’re not an owner of? You may have consented, but it also requires explicit admin consent. You can check this by going into Azure AD’s Enterprise Apps, look up the Graph Explorer app and select the Permissions option.


CarlZhao-MSFT answered ChetanSharmamsft-3456 commented

This has nothing to do with your permissions but with your role. Ordinary users cannot delete members in teams. Please make sure that the account you log in to Microsoft Graph Explorer has been granted the role of Teams Administrator. And the account must be a work/school account, not a personal Microsoft account.




If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
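
The two answers point at different parts of the access token: the consented scope (pvanberlo) and the directory role (this answer). The sketch below is an added example, not code from the thread or from Microsoft; it decodes the payload of a token copied from Graph Explorer and reports which of the two is present. The sample tokens and the role template ID are constructed placeholders (look up the real ID of the role in your tenant's built-in roles list); `scp`, `roles` and `wids` are claim names used in Microsoft identity platform access tokens.

```python
import base64
import json

NEEDED_SCOPE = "TeamMember.ReadWrite.All"                      # permission named in the question
PLACEHOLDER_ROLE_ID = "00000000-0000-0000-0000-000000000001"   # constructed, not a real role ID


def decode_claims(jwt: str) -> dict:
    """Return the payload claims of a compact JWT. No signature check: diagnostics only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(jwt: str, needed_scope: str, role_template_id: str) -> dict:
    """Report whether the token carries the scope and the directory role."""
    claims = decode_claims(jwt)
    scopes = claims.get("scp", "").lower().split()          # delegated permissions
    app_roles = [r.lower() for r in claims.get("roles", [])]  # application permissions
    wids = claims.get("wids", [])   # directory role template IDs in effect at token issue
    return {
        "delegated": "scp" in claims,
        "has_scope": needed_scope.lower() in scopes + app_roles,
        "has_role": role_template_id in wids,
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real Graph token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed case: scope consented, but no directory role in the token.
    scope_only = make_sample_token({"scp": "User.Read TeamMember.ReadWrite.All", "wids": []})
    print(check_token(scope_only, NEEDED_SCOPE, PLACEHOLDER_ROLE_ID))
    # Constructed case: role present, scope missing from the token.
    role_only = make_sample_token({"scp": "User.Read", "wids": [PLACEHOLDER_ROLE_ID]})
    print(check_token(role_only, NEEDED_SCOPE, PLACEHOLDER_ROLE_ID))
```

A token issued before a consent or role change keeps its old claims, so sign out and back in before re-checking.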





The user had that active assignment already. I removed it and added it again. The start time changed from a dash to today's date, but I am still receiving the same error in graph that I originally reported.



0 Votes 0 ·
CarlZhao-MSFT ChristosGiannacopoulos-1395 ·

Hi, @ChristosGiannacopoulos-1395 Okay, let's rule out some possible errors. First of all, can you get this user in Graph Explorer? Then can you remove this user in the portal?

0 Votes 0 ·

First of all, can you get this user in Graph Explorer?
Yes.

Then can you remove this user in the portal?
I don't know what you mean.


This account (Teams Automation) is a service account. It has been in use for several years now. It owns multiple Power Automate flows that have worked perfectly fine. I am just trying to write a new flow that will delete all users from a team. This specific function is generating an error. Everything else (creating teams, adding team members, creating tabs in the channels, etc., etc.) works as expected. We are only experiencing an issue with deleting users. This particular flow checks for existing users (works), adds Teams Automation as an owner if not present (works), and then tries to delete existing members (fails). There is something going on specifically with the DELETE function.

FWIW I have tried both TEAMS and GROUPS api calls to Graph. Both fail.



0 Votes 0 ·
WendyLi-MSFT ChristosGiannacopoulos-1395 ·

@ChristosGiannacopoulos-1395 I will convert your reply above to a comment, as you have extra questions about one answer. You are welcome to post an answer once you have any solution/suggestion to share. More information about Answer and Comment in Microsoft Q&A.


0 Votes 0 ·

@ChristosGiannacopoulos-1395 - Could you please confirm whether your issue has been resolved with the above suggestion, or whether you are still looking for help?

0 Votes 0 ·