Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Planner: Wrong name of api permissions for PlannerBucket and PlannerPlan #2843

Closed
bjoernf73 opened this issue Jan 24, 2023 · 0 comments · Fixed by #2844 or #2851
Closed

Planner: Wrong name of api permissions for PlannerBucket and PlannerPlan #2843

bjoernf73 opened this issue Jan 24, 2023 · 0 comments · Fixed by #2844 or #2851

Comments

@bjoernf73
Copy link
Contributor

Api Permissions for PlannerPlan and PlannerBucket reads "Tasks.Read" and "Tasks.ReadWrite", but should be "Tasks.Read.All" and "Tasks.ReadWrite.All" - they're missing ".All" at the end:

{
    "resourceName": "PlannerBucket",
    "description": "",
    "permissions": {
        "graph": {
            "delegated": {
                "read": [
                    {
                        "name": "Tasks.Read"
                    }
                ],
                "update": [
                    {
                        "name": "Tasks.ReadWrite"
                    }
                ]
            },
            ...

Details of the scenario you tried and the problem that is occurring

Trying to update service principal:

Update-M365DSCAzureAdApplication -ApplicationName "$Name" -Permissions @(
        @{Api='Graph';PermissionName='Tasks.ReadWrite'},
        @{Api='Graph';PermissionName='Tasks.Read'}) -AdminConsent

Verbose logs showing the problem

The following is output to the screen:

2023-01-24 13:14:20 - Checking specified parameters
2023-01-24 13:14:20 -   Using a Secret as credential
2023-01-24 13:14:47 -
2023-01-24 13:14:47 - Checking existance of AD Application
2023-01-24 13:14:47 -   Application '<appname>' already exists!
2023-01-24 13:14:47 -
2023-01-24 13:14:47 - Checking app permissions
2023-01-24 13:14:47 -   Checking permission 'Graph\Tasks.ReadWrite'
2023-01-24 13:14:47 -   [ERROR] Permission 'Tasks.ReadWrite' not found!
2023-01-24 13:14:47 -   Checking permission 'Graph\Tasks.Read'
2023-01-24 13:14:47 -   [ERROR] Permission 'Tasks.Read' not found!
2023-01-24 13:14:47 -
2023-01-24 13:14:47 - Waiting 10 seconds for application creation
2023-01-24 13:14:47 -   ...

Suggested solution to the issue

Change

  • "Tasks.Read" to "Tasks.Read.All"
  • "Tasks.ReadWrite" to "Tasks.ReadWrite.All"

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Just running the following:

Update-M365DSCAzureAdApplication -ApplicationName "$Name" -Permissions @(
        @{Api='Graph';PermissionName='Tasks.ReadWrite'},
        @{Api='Graph';PermissionName='Tasks.Read'}) -AdminConsent

The operating system the target node is running

n/a

Version of the DSC module that was used ('dev' if using current dev branch)

Dev
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@bjoernf73