Need Help with MGGraph Calendar Permissions – Getting Access Denied

By
Dan
-
0
3
Asked By TechieTurtle123 On

I'm having some trouble with granting calendar permissions on a room mailbox using Microsoft Graph. The client needs everyone to be able to edit the calendar, which I'd normally handle easily with MSOnline. However, I'm hitting an 'Access Denied' error even though I believe I have all the right scopes. I'm logged in as the global admin, and I've already consented to the necessary permissions for my organization. Here's the code snippet I'm working with for context:

```
$UserID = Read-Host -Prompt 'Enter Target Mailbox Email'
Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All", "RoleManagement.ReadWrite.Directory", "Calendars.ReadWrite"
$Calendar = Get-MgUserCalendar -UserId $UserId | Where-Object { $_.IsDefaultCalendar -eq $true }
$CalendarId = $Calendar.Id
$Permissions = Get-MgUserCalendarPermission -UserId $UserId -CalendarId $CalendarId
$DefaultPermission = $Permissions | Where-Object { $_.EmailAddress.Name -eq "My Organization" }
$CalendarPermissionId = $DefaultPermission.Id
$Params = @{ Role = "Write" }
Update-MgUserCalendarPermission -UserId $UserId -CalendarId $CalendarId -CalendarPermissionId $CalendarPermissionId -BodyParameter $Params
$UpdatedPermissions = Get-MgUserCalendarPermission -UserId $UserId -CalendarId $CalendarId
$UpdatedPermissions | Where-Object { $_.EmailAddress.Name -eq "My Organization" } | Select-Object Role
Disconnect-MgGraph
```

The first 'Access Denied' comes from the `Get-MgUserCalendarPermission` command. I'd appreciate any advice on how to resolve this! Thanks a lot!

4 Answers

Answered By GraphGuru89 On

It looks like you're dealing with a permissions issue. According to the Microsoft Graph permissions reference, the `Calendars.ReadWrite` scope only permits access to the user's calendar if you're using delegated permissions. You may have better luck creating an App Registration to utilize application permissions instead. That should help you bypass the access denial you're experiencing.

Answered By CloudyCoder98 On

I feel your pain! Unfortunately, `ExchangeOnlineManagement` doesn't have all the features of MSOnline, and it can’t even detect some Azure services like Multi-Factor Authentication. I can see everything in Microsoft Graph and Entra, but EOM is not recognizing them. Hang in there!

Answered By PowerShellPal77 On

When working with delegated permissions, make sure you have owner status on the target calendar. If you're not sure about that, try using the `ExchangeOnlineManagement` module to manage permissions; it might simplify things for you.

Answered By ScriptingSage456 On

Thanks for your input! I ran into some documentation issues with Microsoft, and I've learned that the command I needed isn't available right now. Fortunately, they updated their tools, so I could skip some manual steps I'd been doing before, which is a relief!

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.