Search code examples
c#azurepermissionsmicrosoft-graph-apimicrosoft-graph-plannertasks

Which API permission is needed for listing plans in a Microsoft group?

I'm trying to query the Microsoft Graph API to interact with plans within a group.

I'm using this method in the SDK:

graphClient.Groups[id.ToString()].Planner.Plans.GetAsync();

However, this incurs the following exception:

Microsoft.Graph.Models.ODataErrors.ODataError: You do not have the required permissions to access this item.

I've used the same GraphClient to list the groups, and to retrieve the group whose ID is used in the above method call, which has the following permissions assigned:

  • Group.Read.All (Application and Delegated)
  • Group.ReadWrite.All (Application and Delegated)
  • GroupMember.Read.All (Application)
  • Tasks.Read (Delegated)
  • Tasks.Read.Shared (Delegated)
  • Tasks.ReadWrite (Delegated)
  • Tasks.ReadWrite.Shared (Delegated)
  • User.Read (Delegated)

To obtain a GraphClient I used the code found in the sample [here][1]. The only part I changed is to use my own tenantId, clientId, and clientSecret.

What extra permission is needed to list the plans within a group?

Solution

  • The error occurred as you missed granting Tasks.Read.All permission that is required to list plans within group while using client credentials flow.

    I registered one Entra ID application granted same API permissions as you:

    enter image description here

    When I tried to list plans within the group, I got same error like this:

    enter image description here

    To resolve the error, make sure to grant Tasks.Read.All permission of Application type by granting admin consent to it as below:

    enter image description here

    When I ran below code after granting required permission, I got the response with list of plans successfully:

    using Azure.Identity;
using Microsoft.Graph;

class Program
{
    static async Task Main(string[] args)
    {
        var scopes = new[] { "https://graph.microsoft.com/.default" };
        var tenantId = "tenantId";
        var clientId = "appId";
        var clientSecret = "secret";

        var options = new TokenCredentialOptions
        {
            AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
        };

        var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);

        var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

        try
        {
            var plans = await graphClient.Groups["groupId"].Planner.Plans.GetAsync();

            foreach (var plan in plans.Value)
            {
                Console.WriteLine($"Plan Title: {plan.Title}");
                Console.WriteLine($"Plan ID: {plan.Id}");
            }
        }
        catch (Exception exception)
        {
            Console.WriteLine($"{exception.GetType().FullName}: {exception.Message}");
        }
    }
}

    Response:

    enter image description here

    Reference: List plans - Microsoft Graph v1.0