Question
Currently the Azure AD application delegated permissions "Group.Read.All" and "Group.ReadWrite.All" require admin consent.
Refer: http://graph.microsoft.io/en-us/docs/overview/release_notes
/////snip from the below URL/////
Group permission scopes
The Microsoft Graph exposes two permission scopes (Group.Read.All and Group.ReadWrite.All) for access to groups APIs. These permission scopes must be consented to by an administrator (which is a change from preview). In the future we plan to add new scopes for groups that can be consented by users.
/////snip end/////
In our application we have a requirement for these scope permissions with user consent alone. Please let us know of any workaround and the ETA for this feature.
Answer 1:
The release notes are accurate. We are working on some new user-consentable and hope to have these available shortly. Will post back when these are available.
Answer 2:
As of today, all Groups permissions in Microsoft Graph still require administrator consent. However, we're currently working on a feature that will allow applications to request access to one or more specific groups, and end-users will be able to consent in this case. We don't have an ETA yet for this, but we are actively working on it.
Source: https://stackoverflow.com/questions/37206481/regarding-admin-consent-for-group-permission-scope-in-microsoft-graph-api