This repository has been archived by the owner on Jan 19, 2021. It is now read-only.

Get-PnPUserProfileProperty : Access denied. You do not have permission to perform this action or access this resource. #1692

Open
2 of 6 tasks
ollij opened this issue Sep 3, 2018 · 3 comments

Comments

ollij commented Sep 3, 2018

Reporting an Issue or Missing Feature

Issue or lack of detail in documentation (https://docs.microsoft.com/en-us/powershell/module/sharepoint-pnp/get-pnpuserprofileproperty?view=sharepoint-ps)

Expected behavior

According to the documentation, the Get-PnPUserProfileProperty cmdlet requires a connection to the tenant admin website in order to work, so we assume that it works when connecting to the tenant admin site even when using SharePoint app-only authentication.

Actual behavior

If the connection is created using AppId and AppSecret parameters (SharePoint app with AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl"), the command still fails:

Get-PnPUserProfileProperty : Access denied. You do not have permission to perform this action or access this resource.

Steps to reproduce behavior

  1. Create SharePoint app-only authentication thing
  2. Connect: Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -AppId $appId -AppSecret $appSecret
  3. $userProfile = Get-PnPUserProfileProperty -Account $user.LoginName

Which version of the PnP-PowerShell Cmdlets are you using?

  • PnP PowerShell for SharePoint 2013
  • PnP PowerShell for SharePoint 2016
  • PnP PowerShell for SharePoint Online

What is the version of the Cmdlet module you are running?

2.26.1805.0

How did you install the PnP-PowerShell Cmdlets?

  • MSI Installed downloaded from GitHub
  • Installed through the PowerShell Gallery with Install-Module
  • Other means

md0725 commented Oct 11, 2018

Make sure your app has Full Control permissions for the social features in SharePoint.

The app's permission request XML should look like this:

<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
  <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
</AppPermissionRequests>

@garrytrinder
Member

Thanks @md0725 for the comment, you just solved my problem, similar to the one OP is/was having, as I'd left out the AllowAppOnlyPolicy attribute on the AppPermissionRequests element. 👍

@garrytrinder
Member

@ollij can this be closed as per @md0725's comment?
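
Added example (not part of the original thread and not PnP-PowerShell code): a PowerShell check that a permission request XML contains the two things the comments above identify, the AllowAppOnlyPolicy attribute and a FullControl request on the social tenant scope. The function name Test-AppOnlyProfilePermission and both sample XML strings are assumptions constructed for illustration.

```powershell
# Added example. The two criteria checked here are the ones named in the thread.
function Test-AppOnlyProfilePermission {
    param([Parameter(Mandatory)][string]$PermissionXml)

    $root = ([xml]$PermissionXml).DocumentElement   # throws on malformed XML
    if ($root.LocalName -ne 'AppPermissionRequests') {
        throw "Unexpected root element '$($root.LocalName)'"
    }

    # Missing or non-"true" attribute means app-only access was not requested.
    $appOnly = $root.GetAttribute('AllowAppOnlyPolicy') -eq 'true'

    # Compare on LocalName so the check also works if the XML carries a namespace.
    $requests = @($root.ChildNodes |
        Where-Object { $_.LocalName -eq 'AppPermissionRequest' } |
        ForEach-Object {
            [pscustomobject]@{
                Scope = $_.GetAttribute('Scope')
                Right = $_.GetAttribute('Right')
            }
        })

    $social = @($requests | Where-Object {
        $_.Scope -eq 'http://sharepoint/social/tenant' -and $_.Right -eq 'FullControl'
    }).Count -gt 0

    [pscustomobject]@{
        AllowAppOnlyPolicy      = $appOnly
        SocialTenantFullControl = $social
        Ready                   = $appOnly -and $social
        Requests                = $requests
    }
}

# Constructed sample: content scope only, no AllowAppOnlyPolicy attribute.
$before = '<AppPermissionRequests><AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /></AppPermissionRequests>'

# Constructed sample matching the XML posted in the thread.
$after = @'
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
  <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="FullControl" />
</AppPermissionRequests>
'@

Test-AppOnlyProfilePermission $before | Select-Object AllowAppOnlyPolicy, SocialTenantFullControl, Ready
Test-AppOnlyProfilePermission $after  | Select-Object AllowAppOnlyPolicy, SocialTenantFullControl, Ready
```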
