Comments (5)
We are indeed very early in the transitioning stage to the new version of PnP PowerShell. We plan to go GA at the end of the year and until that time documentation will lack more than usual.
Register-PnPManagementShellAccess adds an entry to the Azure AD Enterprise Applications. It's a basically a registration that allows authenticated users (e.g. users able to authenticate towards the AD) to use a specified OAuth2 clientid towards SharePoint Online and the Microsoft Graph. It's very similar to creating your own clientid/secret/certificate combination and adding that to the Azure AD, with the difference that we predefined a series of permission scopes and make the clientid available as a multi-tenant application.
The cmdlet indeed needs to be executed by someone with write access to the AD, in order to successfully process that entry. It could be that the entry ended up in a 'stale' state. If you navigate to the Azure AD, go to Enterprise Applications, locate "PnP Management Shell", you can reconsent the approval from there if needed. Maybe that solves your issue?
Keep in mind, that while you can use the cmdlet to register the application, actual access to SharePoint artifacts (sites, webs, etc.) are still restricted based on the SharePoint security model.
from powershell.
Just adding that -ClientId and -ClientSecret do work successfully so assume they will be fine for app-only in function app so please disregard that bit of the query above.
Thanks :)
from powershell.
Not sure if it helps but I get similar using PS7:
Connect-PnPOnline -Url $url -Credentials $cred
Get-PnPWeb
Get-PnPWeb: Access denied. You do not have permission to perform this action or access this resource.
Connect-PnPOnline seems to connect OK but then the error occurs when I try to do anything.
from powershell.
@erwinvanhunen - I am working on getting a global admin to re-consent as you suggested and will let you know the result. I have checked the Enterprise App and while it looks fine I cannot see any permissions for SharePoint:
Is this as expected?
My account has also been added to this Enterprise App as a User - is this actually necessary?
Also, Connect-PnPOnline using ClientID and ClientSecret is working fine. Does this suggest that the Enterprise App is working correctly or does that connection method not actually use the app?
Sorry for so many questions!
Dave
from powershell.
Re-consent seems to have resolved the issue. Based on this I will assume that using ClientID/ClientSecret does not actually use the Enterprise App - which makes sense as I guess it is then using its own app.
Thanks again for the great work 👍
Dave
from powershell.
Related Issues (20)
- [BUG] HOT 1
- [BUG] Connecting using Managed Identity in Azure Runbook with Sites.Selected results in "The Push Notifications feature is not activated on the site" HOT 1
- [BUG] HasUniqueRoleAssignments value is returned wrong while using Get-PnPProperty and Get-PnPFolder HOT 2
- [BUG] Separate page section backgrounds reset by Add-PnPPageSection and Add-PnPPageWebPart
- Get-PnPTenantSite : Could not load type 'Microsoft.SharePoint.Client.SPResourceEntry'
- [BUG] Get-PnPUnifedGroup Doesn't Exist HOT 2
- [FEATURE] Add custom attributes to output of Get-PnPMicrosoft365Group
- [BUG]'Microsoft.Extensions.DependencyInjection.ServiceCollection
- [BUG] Set-PnPPage Does not Update Thumbnail
- Get-PnPSiteTemplate Cache issue
- [BUG] HOT 1
- [BUG]Getting error while running GetCheckedOutFiles command in the powershell
- Get-PnPListItem -List "Documents" -Id 2 | Get-PnPFileSharingLink throwing error
- [BUG] New-PnPsite delay in PnP.PowerShell 2.5.0 HOT 2
- [BUG]Lists created by New-PnPList cannot have custom powerapp forms HOT 2
- [FEATURE] Get-PnPTenant does not include OnedriveSharingCapability and GuestSharingGroupAllowListInTenantByPrincipalIdentity fields
- [BUG] EnableModernAudienceTargeting fails on German site collection
- [BUG] Unable to create too many multiple connections HOT 8
- Microsoft Graph API functions like Get-PnPTeamsUser freeze GUI
- Add-PnPAlert adds only alert in classic layout
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from powershell.