
Grant-PnPAzureADAppSitePermission Access denied

Open REMY31470 opened this issue 1 year ago • 0 comments

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Developer environment

None

What browser(s) / client(s) have you tested

  • [ ] 💥 Internet Explorer
  • [ ] 💥 Microsoft Edge
  • [ ] 💥 Google Chrome
  • [ ] 💥 FireFox
  • [ ] 💥 Safari
  • [ ] mobile (iOS/iPadOS)
  • [ ] mobile (Android)
  • [ ] not applicable
  • [ ] other (enter in the "Additional environment details" area below)

Additional environment details

  • browser version
  • SPFx version
  • Node.js version
  • etc

Describe the bug / error

Hello, on 9 September Microsoft deprecated the Connect-PnPOnline connection with simple user authentication. They now recommend using an application. Here are the steps indicated on the Internet:

  • Create 2 applications (App1 and App2) on our Tenant: OK

  • Open a PowerShell as the user who will run the scripts: OK

  • Create a certificate on the server: OK

$Certificate = New-SelfSignedCertificate -Subject MSGraph -CertStoreLocation Cert:\CurrentUser\My
Export-Certificate -Cert $Certificate -FilePath "C:\Temp\Certificate.cer"

  • In « registration of applications », add certification to Certificates can be used as secrets to prove your identity and to generate a Digital Footprint: OK

  • Add the SharePoint rights of AllSites.FullControl to the App1 application: OK

  • Add the SharePoint rights of Sites.Selected to the App2 application: OK

  • Connecting in PowerShell using App1 and its Digital Footprint: OK

Connect-PnPOnline "https://tenant.sharepoint.com/" -ClientId "App1-ID" -Tenant "Tenant-ID" -Thumbprint "App1-Thumbprint"

  • Add SharePoint XXX site permissions to App2: HS ERROR

Grant-PnPAzureADAppSitePermission -AppId "App2-ID" -DisplayName "Test" -Permissions Read -Site "https://tenant.sharepoint.com/sites/XXX"
Grant-PnPAzureADAppSitePermission: {"error":{"code":"accessDenied","message":"Access denied","innerError":{"date":"2024-09-17T11:38:09","request-id":"…","client-request-id":"…"}}}

  • Even a simple Get doesn't work: HS ERROR

Get-PnPAzureADAppSitePermission -site "https://blevraultgroup.sharepoint.com/sites/XXX"
Get-PnPAzureADAppSitePermission: Forbidden (403): Access denied

Thank you in advance for your help and feedback. Remy

Steps to reproduce

it's all in the Describe

Expected behavior

it's all in the Describe

REMY31470 · Sep 17 '24 13:09
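
A check that can be run before the grant step, as an added example that is not part of the original issue: it decodes an app-only access token and reports whether its `roles` claim carries the application permission the call needs. The required role used here, Microsoft Graph `Sites.FullControl.All`, is what the PnP PowerShell documentation lists for Grant-PnPAzureADAppSitePermission; the function names and the sample tokens are constructed for illustration.

```powershell
# Added example, not from the issue. Inspection only: the signature is NOT verified.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload[.signature]' }
    # base64url -> base64, restoring the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-AppRole {
    param([Parameter(Mandatory)][string]$Token, [Parameter(Mandatory)][string]$RequiredRole)
    $claims = ConvertFrom-JwtPayload -Token $Token
    # App-only tokens list application permissions in 'roles'; delegated tokens use 'scp'.
    $roles = @($claims.roles)
    [pscustomobject]@{
        Audience = $claims.aud
        Roles    = $roles -join ', '
        HasRole  = $roles -contains $RequiredRole
    }
}

# Hypothetical helper: builds an unsigned token so the example runs offline.
function New-SampleToken {
    param([hashtable]$Claims)
    $enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    $header  = & $enc '{"alg":"none","typ":"JWT"}'
    $payload = & $enc ($Claims | ConvertTo-Json -Compress)
    "$header.$payload."
}

# Constructed tokens (made-up claims) standing in for the token of the connecting app.
$graph = 'https://graph.microsoft.com'
$cases = [ordered]@{
    'no app roles (delegated-only grant)' = New-SampleToken @{ aud = $graph; roles = @() }
    'Sites.Selected only'                 = New-SampleToken @{ aud = $graph; roles = @('Sites.Selected') }
    'Sites.FullControl.All consented'     = New-SampleToken @{ aud = $graph; roles = @('Sites.FullControl.All') }
}
foreach ($name in $cases.Keys) {
    Test-AppRole -Token $cases[$name] -RequiredRole 'Sites.FullControl.All' |
        Select-Object @{ n = 'Case'; e = { $name } }, Audience, Roles, HasRole
}
```

With a live connection, the token to inspect can be obtained from Get-PnPAccessToken instead of the constructed samples.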