[BUG] Connecting using Managed Identity in Azure Runbook with Sites.Selected results in "The Push Notifications feature is not activated on the site"
Reporting an Issue
Expected behavior
After setting up a managed identity, linked to an Azure Runbook using "Sites.Selected" instead of "Sites.FullControl.All", the Runbook should be able to connect to the sites granted permissions.
The Runbook should be able to perform cmdlets:
- Get-PnPList
- Get-PnPSite
- ...
Actual behavior
Errors are thrown:
- The Push Notifications feature is not activated on the site "https://contoso.sharepoint.com/sites/somesite"
- Get-PnPList: The remote server returned an error: (401) Unauthorized.
Steps to reproduce behavior
- Create Automation Account (+ Runbook)
- Enable system-assigned managed identity
- Add-PnPAzureADServicePrincipalAppRole -Principal "mymanagedidentity" -AppRole "Sites.Selected" -BuiltInType SharePointOnline
- Grant-PnPAzureADAppSitePermission -AppId "aa37b89e-75a7-47e3-bdb6-b763851c61b6" -DisplayName "TestApp" -Permissions FullControl -Site https://contoso.sharepoint.com/sites/somesite
What is the version of the Cmdlet module you are running?
2.5.0
Which operating system/environment are you running PnP PowerShell on?
- [x] Azure Automation Account (Azure Runbook) using Runtime Environment PowerShell 7.2
Just made some progress..
https://www.blimped.nl/running-application-with-limited-sharepoint-permissions/
This article mentions 2 steps to grant permissions to the application.
Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/project-x" -Interactive
$permission = Grant-PnPAzureADAppSitePermission -AppId "ce6bb9a7-c909-4538-b9dd-930724d7259d" -DisplayName "TestApp" -Permissions Write
Set-PnPAzureADAppSitePermission -PermissionId $permission.Id -Permissions FullControl
Could you please update the documentation on this PnP article using Sites.Selected?
Other people are also running into this issue, as seen in https://github.com/pnp/powershell/discussions/3219
Any update on this? Thanks :-)
@yvesrosius - is this still an issue? 401 means there could be an issue with your auth setup or maybe it isn't supported.
About the issue with Push notifications, that seems to be coming from the server side, we can't do anything about that. Maybe you can activate the feature like this and then execute your scripts?
https://sharepoint.stackexchange.com/a/272473/8068
Closing this due to lack of response. The push notifications is a server-side issue, we can't do anything about it. As suggested, please activate the feature if it's too much trouble or wrap it inside a try/catch block.
For the documentation, we accept PRs, it describes one scenario. You can also submit this selected site scenario :)
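The pieces of this thread combined into one script, as an added example (not code posted by anyone in this issue or taken from the PnP documentation): the two-step site grant, a check of what is actually granted on the site, and the runbook-side connection wrapped in try/catch as suggested above. The site URL and the all-zero AppId are placeholders, and the script assumes the PnP.PowerShell module is available in both sessions.

```powershell
# Added example. $siteUrl and $appId are placeholders, not values from a real tenant.
$siteUrl = "https://contoso.sharepoint.com/sites/somesite"
$appId   = "00000000-0000-0000-0000-000000000000"   # application (client) ID of the identity being granted

# --- Part 1: run interactively as an admin -------------------------------
Connect-PnPOnline -Url $siteUrl -Interactive

# Step 1: create the site-scoped grant with Write.
$permission = Grant-PnPAzureADAppSitePermission -AppId $appId -DisplayName "TestApp" `
    -Permissions Write -Site $siteUrl

# Step 2: raise that same grant to FullControl.
Set-PnPAzureADAppSitePermission -PermissionId $permission.Id -Permissions FullControl -Site $siteUrl

# Check: list the app permissions on this site and confirm the entry for
# $appId carries the role you expect before testing from the runbook.
Get-PnPAzureADAppSitePermission -Site $siteUrl

# --- Part 2: body of the Azure Automation runbook -------------------------
# Uses the Automation Account's system-assigned managed identity; no secrets in the script.
Connect-PnPOnline -Url $siteUrl -ManagedIdentity

try {
    # -ErrorAction Stop turns the 401 / feature errors into catchable exceptions.
    $site  = Get-PnPSite -ErrorAction Stop
    $lists = Get-PnPList -ErrorAction Stop
    Write-Output "Connected to $($site.Url); $($lists.Count) lists visible."
}
catch {
    # Record the exact message so a 401 (auth setup) can be told apart
    # from the server-side Push Notifications error, then fail the job.
    Write-Warning "Call against $siteUrl failed: $($_.Exception.Message)"
    throw
}
```

Because Sites.Selected grants nothing until a site-level permission exists, the listing in Part 1 is the quickest way to confirm that the AppId on the grant matches the identity the runbook connects with.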