You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have an API which creates and configures site collections using v1.15.0 in an Azure Function. It was previously successfully used in a cross-tenant scenario using an app registration with client ID & secret and a certificate for authentication. It is now used in a single tenant and has been updated to use a system assigned managed identity and custom authentication provider (as per #1401). All the functionality continues to work apart from adding a content type from the hub to a list which results in a 403 access denied error. The managed identity has the following permissions
Microsoft Graph:
Files.ReadWrite.All
Sites.ReadWrite.All
SharePoint:
Sites.FullControl.All
Other details:
.NET 8
Windows app service plan P1v3
The taxonomy service feature has been enabled on the sites. The lists have ContentTypesEnabled. Content types can be retrieved from the hub ok.
// successful
await siteContext.ContentTypeHub.LoadAsync(p => p.ContentTypes.QueryProperties(p => p.Name, p => p.Description,
p => p.FieldLinks.QueryProperties(p => p.Name)));
var contentType = siteContext.ContentTypeHub.ContentTypes.AsRequested().FirstOrDefault(p => p.Id == _settings.ContentTypeId);
// 403
list.ContentTypes.AddAvailableContentTypeFromHub(_settings.ContentTypeId, new AddContentTypeFromHubOptions { WaitForCompletion = true });
I have confirmed via remote debugging that the context is using the custom authentication provider. Other functionality such as adding documents, moving documents, creating/deleting site collections works fine. Please can you advise on how to troubleshoot.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I have an API which creates and configures site collections using v1.15.0 in an Azure Function. It was previously successfully used in a cross-tenant scenario using an app registration with client ID & secret and a certificate for authentication. It is now used in a single tenant and has been updated to use a system assigned managed identity and custom authentication provider (as per #1401). All the functionality continues to work apart from adding a content type from the hub to a list which results in a 403 access denied error. The managed identity has the following permissions
Microsoft Graph:
Files.ReadWrite.All
Sites.ReadWrite.All
SharePoint:
Sites.FullControl.All
Other details:
.NET 8
Windows app service plan P1v3
The taxonomy service feature has been enabled on the sites. The lists have ContentTypesEnabled. Content types can be retrieved from the hub ok.
I have confirmed via remote debugging that the context is using the custom authentication provider. Other functionality such as adding documents, moving documents, creating/deleting site collections works fine. Please can you advise on how to troubleshoot.
Beta Was this translation helpful? Give feedback.
All reactions