Replies: 1 comment
Please read this blog: You need to use an account with full control to grant permissions and only then can you use the other Entra ID app.
Reporting an Issue or Missing Feature
Please confirm what it is that you're reporting
Expected behavior
I created an app (App1) with SiteSelected.All, aiming to grant access to a specific SharePoint site. I connected to my PnP azure (App 2), which has these permissions:
Then, I used it to run this command:
Grant-PnPAzureADAppSitePermission -AppId $App1 -DisplayName "NameOdMyApp" -Site $siteUrl -Permissions Write
However, I received this error:
{"error":{"code":"accessDenied","message":"Access denied","innerError":{"date":"2025-06-24T16:12:01","request-id":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx","client-request-id":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx"}}}
Whether I use App1 or App2, I can read and write files, but only with PnP commands like Get-PnPFile, Add-PnPFile, or Get-PnPFolderItem. However, I’m unable to perform any actions when using APIs.
Actual behavior
I also ran the following in Graph Explorer (as I read online), but it didn't work:
(https://graph.microsoft.com/v1.0/sites/tenantname.sharepoint.com,xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx,xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx/permissions)
{
  "roles": ["write"],
  "grantedToIdentities": [
    {
      "application": {
        "id": "x-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
        "displayName": "MY_APP"
      }
    }
  ]
}
And it was successfully created, but I am not able to make it work:
Steps to reproduce behavior
$tenant = "name"
$secPassword = "secret" | ConvertTo-SecureString -AsPlainText -Force
$certname = "certname"
$AdminCenterURL = "https://tenant-admin.sharepoint.com"
$clientId = Get-Content "path\ClientID.txt"
$certFilename = "path\$certname.pfx"
$siteUrl = "https://$tenant.sharepoint.com/sites/sitename"
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -Tenant "$tenant.onmicrosoft.com" -CertificatePath $certFilename -CertificatePassword $secPassword
$appId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
Grant-PnPAzureADAppSitePermission -AppId $appId -DisplayName "AppName" -Site $siteUrl -Permissions Write
What is the version of the Cmdlet module you are running?
(you can retrieve this by executing Get-Module -Name "PnP.PowerShell" -ListAvailable)
Which operating system/environment are you running PnP PowerShell on?
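A diagnostic check for the `accessDenied` above, added here as an example (not code from the original post or from PnP PowerShell): it decodes an app-only access token and reports whether its `roles` claim contains `Sites.FullControl.All`, which this example assumes is the role the granting app needs, or only `Sites.Selected`. The function names and the sample token are constructed for illustration.

```powershell
# Added example. Function names are hypothetical; the sample token is constructed.
function Get-JwtRoles {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT (expected header.payload.signature)' }
    # JWT segments are base64url: map back to base64 and restore padding.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url payload' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
    # App-only tokens list application permissions in "roles";
    # delegated tokens use "scp" instead, so "roles" may be absent.
    if ($null -eq $claims.roles) { return @() }
    return @($claims.roles)
}

function Test-SiteGrantRole {
    param([Parameter(Mandatory)][string]$Token)
    $roles = @(Get-JwtRoles -Token $Token)
    $full  = $roles -contains 'Sites.FullControl.All'
    [pscustomobject]@{
        Roles              = $roles -join ', '
        CanGrantSiteAccess = $full   # assumption: granting needs Sites.FullControl.All
        OnlySitesSelected  = (-not $full) -and ($roles -contains 'Sites.Selected')
    }
}

# Builds a constructed, unsigned sample token (never sent anywhere).
function New-SampleToken {
    param([string[]]$Roles)
    $enc = {
        param($obj)
        $bytes = [Text.Encoding]::UTF8.GetBytes(($obj | ConvertTo-Json -Compress))
        [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    (& $enc @{ alg = 'none' }), (& $enc @{ roles = $Roles }), 'constructed' -join '.'
}

# An app holding only Sites.Selected, then one that also holds full control.
Test-SiteGrantRole -Token (New-SampleToken -Roles 'Sites.Selected')
Test-SiteGrantRole -Token (New-SampleToken -Roles 'Sites.FullControl.All', 'Sites.Selected')
```

On a real session, pass the token the connected app is actually using (for example the string returned by `Get-PnPAccessToken`) instead of the sample token.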