Hello SPT-web, Best regards,
Hello Sebastien, can you try it with a connection like this: Connect-PnPOnline -Url -ClientId -Thumbprint ? Best regards,
Hello,
Issue when granting permissions to a PnP script-created app. If I use Grant-PnPAzureADAppSitePermission to grant permission to the site collection and then connect to PnP Online using AppId and Secret, I get a 403 error when performing Resolve-PnPFolder or Get-PnPFile.
If I add permissions manually through /_layouts/15/appinv.aspx and retry, it works like a charm. What am I missing?
Detailed steps


I create a brand new site collection by script (TeamSite, no permission inheritance broken).
I create an app using
$appTitle = $_.AppName
$result = Register-PnPAzureADApp -ApplicationName $appTitle -Tenant $tenantFullName -Store CurrentUser -OutPath $CertificatesFolderPath -Interactive -SharePointApplicationPermissions 'Sites.Selected' -GraphApplicationPermissions 'Sites.Selected'
$_.AppId = $result.'AzureAppId/ClientId'
The app is created and the Sites.Selected permissions are set.
Then I connect to PnPOnline again and use:
Connect-PnPOnline -Url 'https://contoso-admin.sharepoint.com' -ClientId 'XXX-XXXX-XXXX-XXXX' -Interactive
Grant-PnPAzureADAppSitePermission -AppId $AppId -Site $sitecollection -Permissions Write -DisplayName 'TEST'
No error.
After that, I create a secret for this app and connect to PnPOnline using it.
Connect-PnPOnline -Url $DestinationSiteCollectionURL -ClientId $SPOAppID -ClientSecret $SPOAppSecret
And when using the Get-PnPFile command, I get a 403.
Then, if I go to the site collection, adding /_layouts/15/appinv.aspx to the URL, look for the app Id and provide this XML code:
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Write" />
</AppPermissionRequests>
If I retry the connection and Get-PnPFile, it works perfectly.
This is a permission issue. I guess I'm missing something on Grant-PnPAzureADAppSitePermission but what?
Note:
I tried with Read, Full control, same issue.
Note also: If I do:
Connect-PnPOnline -Url $sitecollection -ClientId 'XXX-XXXX-XXXX-XXXX' -Interactive
Grant-PnPAzureADAppSitePermission -AppId $AppId -Permissions Write -DisplayName 'TEST'
I get an 'Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))' error instead of 403.
Environment
PSVersion : 7.4.6
PnP.PowerShell : 2.12.0
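
Added example, not part of the original post or its replies: one way to check what Grant-PnPAzureADAppSitePermission recorded and to retry with the certificate-based connection the reply suggests. Sites.Selected grants apply to Entra ID (Azure AD) app-only tokens, whereas -ClientSecret connects through the legacy ACS model that appinv.aspx configures. Every value below is a placeholder, and the 'Shared Documents' library name is an assumption.

```powershell
# Added example; all values are placeholders, none are taken from the thread.
$tenantFullName = 'contoso.onmicrosoft.com'
$adminUrl       = 'https://contoso-admin.sharepoint.com'
$siteUrl        = 'https://contoso.sharepoint.com/sites/example'
$adminClientId  = '<client-id-used-for-the-interactive-login>'
$appId          = '<client-id-of-the-registered-app>'
$thumbprint     = '<thumbprint-of-the-certificate-in-the-CurrentUser-store>'

# 1. As an administrator, list the Sites.Selected grants recorded for the site.
$admin  = Connect-PnPOnline -Url $adminUrl -ClientId $adminClientId -Interactive -ReturnConnection
$grants = Get-PnPAzureADAppSitePermission -Site $siteUrl -Connection $admin
if ($grants) {
    $grants | Format-List
} else {
    Write-Warning "No Sites.Selected grant found on $siteUrl"
}

# 2. Connect app-only with the certificate instead of the client secret.
#    The certificate parameter set also needs -Tenant.
$app = Connect-PnPOnline -Url $siteUrl -ClientId $appId -Thumbprint $thumbprint `
                         -Tenant $tenantFullName -ReturnConnection

# 3. Retry a read with that connection and report the outcome.
#    'Shared Documents' is an assumed library name for a default team site.
try {
    $folder = Get-PnPFolder -Url 'Shared Documents' -Connection $app -ErrorAction Stop
    Write-Host "Access OK: $($folder.ServerRelativeUrl)"
} catch {
    Write-Warning "Still denied with certificate auth: $($_.Exception.Message)"
}
```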