[BUG] - Revoke-PnPAzureADAppSitePermission - Not Working

[robcaretta-thrivent]

Reporting an Issue or Missing Feature

The cmdlet Revoke-PnPAzureADAppSitePermission is not working as expected.

Expected behavior

The cmdlet removes the permissions.

Actual behavior

My account is a SharePoint Tenant Admin, and also a site collection admin for the site I am attempting to revoke permissions on. The cmdlet seems to do nothing. Does not remove the permission grant and does not throw an error. After running the cmdlet I re-check the permission and there is no change. -Verbose switch also doesn't provide any additional context.

Steps to reproduce behavior

$permissionId = Get-PnPAzureADAppSitePermission -Site $locals.siteURL -AppIdentity $locals.entraAppID
if($null -ne $permissionId) {
$permissions = Get-PnPAzureADAppSitePermission -Site $locals.siteURL -PermissionId $(($permissionId).Id)
$permissions
}
else {
Write-Host "No existing app permissions were found."
}

Revoke-PnPAzureADAppSitePermission -PermissionId $permissionId.Id

What is the version of the Cmdlet module you are running?

3.1.0

Which operating system/environment are you running PnP PowerShell on?

• Windows
• Linux
• MacOS
• Azure Cloud Shell
• Azure Functions
• Other : please specify

[reshmee011]

Revoke does not prompt any error if the specified Id does not exist. Always verify if the privileges are as desired by checking the granted privileges. In the script the PermissionId was passed incorrectly.

There is a mistake in the last line, try the below to see if it fixes the issue

Revoke-PnPAzureADAppSitePermission -PermissionId $($permissionId.Id) -Site [siteUrl]

[robcaretta-thrivent]

Okay so you have to pass the -Site switch. Thank you. In the documentation it states it is optional. Got it, thank you.
https://github.com/pnp/powershell/blob/dev/documentation/Revoke-PnPAzureADAppSitePermission.md

[robcaretta-thrivent]

This can be closed.

[reshmee011]

Thanks, I added -Site parameter because in your script I can't see whether you are connecting to the site directly using 'connect-pnponline -url $SiteUrl` hence why you needed the site parameter. The other issue was the how the permissionid was passed , it needed to be enclose within $($permissionId.Id) instead of $permissionId.Id.