cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Pokora22
New Member

Teams tab creation through Graph API (Missing role permissions on the request)

Hi all,

 

I've been trying to add OneNote as a tab to all newly created channels within teams. I'm using REST API calls as per tutorial I can no longer find. I've got an app registered in AAD with the following permissions:

Screenshot 2021-11-18 115942.png

 

I need to use delegated (work account) permissions due to company rules. 

 

I've tried calling the API using two ways of authorization: 

AD OAuth in advanced options of the connector like this:

vivaldi_OHDi5o1wGh.png

And getting the token separately before and attaching it as header with the request:

vivaldi_ZEHixwMDQa.png

 

 

(Please ignore the body of the tab for now, it was copied straight from the tutorial - unless it could mess with permissions?)

 

Both ways I'm getting a 403 error:  

 

Missing role permissions on the request. API requires one of 'TeamsTab.Create, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All, TeamsTab.Create.Group'. Roles on the request ''. Resource specific consent grants on the request ''.

 

 

Honestly no idea what I'm doing wrong. Something else I need to add to the app registration? Does it not actually work with delegated permissions (even though the documentation says it should)?

 

I've looked around and could not find anything very relevant so I'll appreciate any help!

1 ACCEPTED SOLUTION

Accepted Solutions
v-xiaochen-msft
Community Support
Community Support

Hi @Pokora22 ,

 

If you use http action , you need to use application permission rather than delegated permission.

If you want to use delegated permission, you should create a custom connector instead of using http action.

The steps to create a custom connector are similar to http action , and they require similar parameters.

 

Best Regards,

Wearsky

View solution in original post

2 REPLIES 2
v-xiaochen-msft
Community Support
Community Support

Hi @Pokora22 ,

 

If you use http action , you need to use application permission rather than delegated permission.

If you want to use delegated permission, you should create a custom connector instead of using http action.

The steps to create a custom connector are similar to http action , and they require similar parameters.

 

Best Regards,

Wearsky

DBaker1
Frequent Visitor

I as able to use this connector to get the delegated permissions to work and create a tab in a Team.

DBaker1_0-1647480565108.png

 

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

New Ideas Forum MPA.jpg

A new place to submit your Ideas for Power Automate

Announcing a new way to share your feedback with the Power Automate Team.

MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

MPA Licensing.jpg

Ask your licensing questions at the Power Automate AMA!

Join Priya Kodukula and the licensing team, super users and MVPs to find answers to your questions on Power Automate licensing.

Users online (4,859)