Hello everyone,
I'd like to discuss the fact that setting group settings for a single O365 group via MS Graph needs Directory.ReadWrite.All permissions (see linked article).
Changing the settings of a group is a very common task and important settings like setting access for external are included there.
This should not be blocked behind such a "dangerous" permission level as Directory.ReadWrite.All. Instead it should use Group.ReadWrite.All.
We don't care what goes on behind the scenes (creating a new local GroupSetting every time for the group etc., which is a huge overhead in 99% of the cases). We just want to ensure that we can change settings for single groups. These are local settings only and should behave the same as changing settings for a single team.
Hello,
Agree with @MrTantum. We would require an additional permission to handle individual group settings.
This becomes useful when creating group automation activities without getting such high privileges.
Thank you
Patrick
I agree as well.
It would be great to have a specific permission to handle this.
We agree that changing group settings shouldn't require Directory.ReadWrite.All. Group.ReadWrite.All should be sufficient. The request is on our backlog.
Thank you @yyuank for looking into this!
It would be fantastic if, once this is released in beta any time in the future, you could maybe give a short update to this thread (if the thread is not automatically set read-only by a bot?).
Even if not, I'll watch out for it in the Graph change log.
Ok, once the work item is planned, I'll let you know an estimate of when it will complete. You can then monitor the change log.