pnp / cli-microsoft365

Manage Microsoft 365 and SharePoint Framework projects on any platform
https://aka.ms/cli-m365
MIT License

"Sharing web is blocked for Teams channel site" with m365 spo group member add #6104

Open amateo opened 1 week ago

amateo commented 1 week ago

Priority

(Urgent) I can't use the CLI

Description

I am trying to write a script to modify permissions in a SharePoint site associated with a team channel. My final goal is to configure members of the channel as visitors (RO) of the SP site associated with the channel.

I have already tested with a PS script using the PnP module. With this module I can run commands like

Add-PnpGroupMember -Identity 'Visitantes de la My Sample Team-My Sample Private Channel 4' -LoginName <userUpn>

Remove-PnPGroupMember -Identity 'Visitantes de la My Sample Team-My Sample Private Channel 4' -LoginName <userUpn>

But I'd prefer to write the script using the CLI for Microsoft 365 (because I could easily integrate it in other scripts I already have).

The problem I'm having is that I could list groups in the SP site, get the members of these groups, but when I try to add members I get an error:

amateo@slimbook:~/node_modules$ m365 spo group member add --webUrl $siteUrl --groupId 4 --userNames user@mydomain.com --verbose 
Getting group Id for SharePoint Group 4
Checking if the specified users and groups exist
Adding resource(s) to SharePoint Group 4
Error: Sharing web is blocked for Teams channel site.

I have tried using the groupId and the groupName parameters, and I get the same error in both cases. As I already said, adding the same member to the same group directly with PS works without any problem.

I have also tried to remove users from the group with m365 spo group member remove... and this command works fine. I'm having problems just with the group member add.

Steps to reproduce

  1. Create a team
  2. Try to add a member to one of its SP groups

Expected results

I expected the command spo group member add --webUrl $siteUrl --groupId 4 --userNames user@mydomain.com --verbose to add a member to the SP group.

Actual results

I get the error:

Error: Sharing web is blocked for Teams channel site.

Diagnostics

No response

CLI for Microsoft 365 version

v7.9.0

nodejs version

v18.20.3

Operating system (environment)

Linux

Shell

bash

cli doctor

No response

Additional Info

No response

milanholemans commented 1 week ago

Thank you for reporting this issue. Seems like something we should fix indeed!

milanholemans commented 6 days ago

@pnp/cli-for-microsoft-365-maintainers Currently we're using this endpoint: https://github.com/pnp/cli-microsoft365/blob/c513557f607edbda1a817776927f358fc437cef6/src/m365/spo/commands/group/group-member-add.ts#L170 Clearly, this doesn't work that great. I'd like to update it to another endpoint, but that will be a breaking change.

Do you think it's fine to use another endpoint and construct the current command output ourselves? In the next major release, we can get rid of this, and return the new endpoint output. The current output looks like this:

[
  {
    "AllowedRoles": [
      0
    ],
    "CurrentRole": 0,
    "DisplayName": "John Doe",
    "Email": "john.doe@contoso.onmicrosoft.com",
    "InvitationLink": null,
    "IsUserKnown": true,
    "Message": null,
    "Status": true,
    "User": "i:0#.f|membership|john.doe@contoso.onmicrosoft.com"
  }
]

We do the same for spo tenant recyclebinitem restore. https://github.com/pnp/cli-microsoft365/blob/c513557f607edbda1a817776927f358fc437cef6/src/m365/spo/commands/tenant/tenant-recyclebinitem-restore.ts#L112-L118

Adam-it commented 2 days ago

@milanholemans I agree. Even if it is a breaking change, it is clearly a bug fix, so I don't see why we should wait for v8. We should fix it ASAP 👍 To what endpoint did you want to change the current approach? May I kindly ask you to write your suggested fix and the API we should use so that we may open it up to be fixed ASAP?

milanholemans commented 2 days ago

@Adam-it, the thing is that the command works perfectly when used on non-private channel sites. My approach would be that we ensure the user and add a user by login name to the group. Haven't tested it with AAD groups yet, but for users it seems to work perfectly. Happy to take this one if we agree on a way to fix this.