Issue with Teams RSC Permission TeamMember.Read.Group
I want to use Teams RSC to allow a bot to add and remove members of (private) teams channels. https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent#supported-rsc-permissions the API scope ChannelMember.ReadWrite.Group is appropriate for that. -> "Read and write the members of this team's channels." I have created a teams app and added the RSC API application scope (ChannelMember.ReadWrite.Group) to the App manifest and published the app to my org. The app has the "team" scope. Then I installed the app in a team and tested the API access. I sign-in with the Application SP using app-only auth. What is working: I can read the members of a public channel in the team using: invoke-mggraphRequest -Uri https://graph.microsoft.com/v1.0/teams/[team id]/channels/[channel id]/members -Method Get I can also read the members of a shared channel in the team using the same request. What is not working: I cannot access a private channel in the team: The above request yields the response: "code":"Forbidden","message":"Caller does not have the required roles for accessing 'Private' channel data. To access 'Private' data, API requires one of 'ChannelMember.Read.All, ChannelMember.ReadWrite.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All'. Roles on the request 'Group.Selected'." I cannot remove a member from a shared channel. The request: invoke-mggraphRequest -Uri https://graph.microsoft.com/v1.0/teams/[team id]/channels/[channel id]/members/[member id] -Method Delete yields the error: "code":"Forbidden","message":"Caller app is not enabled for requesting the channel of 'Shared' channel type. To access channel data app has to be enabled in the requesting channel." Has someone successfully used the RSC TeamMember.Read.Group in a shared or private channel? Why does the API not work in private channels and only for read in shared channel? The documentation says "of this team's channels", it does not mention any restriction to public channels. Also a write scope only to public channels does not make sense, as members of a public channel are inherited from the team and cannot be managed seperately. What do I need to do differently to be able to read and modify members of private and shared channels in a team using RSC permissions?