Remove-MgDriveRootPermission accepts the command but does not remove the permission #2554
Comments
|
I tested this with the latest 2.1.0 version of the Graph cmlets and also tested this directly on the Graph API itself. Same result. Here is the uri: "https://graph.microsoft.com/v1.0/drives/{driveid}/items/root/permissions/{permissionid}" The result has an interesting response in the raw content: Deprecation: Fri, 03 Sep 2021 23:59:59 GMT |
timayabi2020
added
Service issue
Needs: Author Feedback
and removed
Service issue
labels
|
Hi @jachaohk, could you please try and share the debug information by adding |
Hi Timayabi - I have been working with Microsoft Graph support on a support ticket. They got back to me and said that this behavior is expected and removing admins that have been added to personal OneDrive's via this specific Graph cmdlet is not supported. Specifically: "The product team confirmed that the that the API's current behavior is by design. It cannot delete an admin permission for a site." |
microsoft-github-policy-service
bot
added
Needs: Attention 👋
and removed
Needs: Author Feedback
labels
|
I have noticed with a couple other Graph commands in the past (for me it was Set-MgUserLicense and New-MgGroupMember) that under certain situations, the command would be accepted without reporting any errors, but also not actually do the thing it's supposed to do. Whether the API's current behavior in denying @jachaohk's request is correct in this scenario is kind of irrelevant; the main problem is the error isn't being reported. I was also on v 1.27.0 at the time I was experiencing these issues, so maybe the error reporting has been fixed in the newer SDK releases, but it is worth mentioning. |
|
Hi @jachaohk , Could you please run the cmdlet with -Debug option and share the output for us to see if there is anything we can do about a better response handling from the API call? Thanks! |
petrhollayms
added
the
status:waiting-for-author-feedback
|
Hi Petr Thanks for the response. I am not sure why you need me to debug this for you. I have a ticket with Microsoft's Graph Team and they were able to reproduce the issue and in fact they told me that this issue is working as designed and closed the ticket. Specifically: "The product team confirmed that the that the API's current behavior is by design. It cannot delete an admin permission for a site." If you have access to support tickets can you look this up? TrackingID#2402260040007649 Otherwise - I am sure you have resources that will allow you to reproduce this issue on your own. Thanks, |
microsoft-github-policy-service
bot
added
Needs: Attention 👋
and removed
status:waiting-for-author-feedback
petrhollayms
added
status:waiting-for-technical-design-work
Hi,
I was asked to create an automation that would remove any admin accounts that were given permission to a user's onedrive on a daily basis. We are using Azure Automation to accomplish this.
When using the cmdlet get-mgdriverootpermission, we are able to see the permissions that have been applied to a user's OneDrive. We then use the following to remove the permission:
Remove-MgDriveRootPermission -driveid $userdrive.id -permissionid $permission.id
The $userdrive variable is the drive ID found when using get-mguserdrive.
The $permission.id is the ID of the permission found when using get-mgdriverootpermission.
The cmd completes with no errors however when we look at the permissions, the permission still exists....
We are using the 1.27.0 version of the cmdlets as our current Azure Automation runbooks are coded using this version and we are not ready to recode everything to fit to the V2 versions of the cmdlets.
The text was updated successfully, but these errors were encountered: