powershell icon indicating copy to clipboard operation
powershell copied to clipboard
verified publisher icon pnp

[BUG] - SharePoint Delegated Sites.Selected

Open a1mery opened this issue 3 months ago • 8 comments

Reporting an Issue or Missing Feature

Cannot use SharePoint Delegated Sites.Selected permission

Expected behavior

When executing the following: connect-pnpOnline -Url "https://[tenant].sharepoint.com/sites/site1" -Interactive -ClientId "[app clientid]" Get-PnPSite

I get information about the current site.

App I'm using has Sites.Selected delegated SharePoint permission and was created following: Manually create an app registration for interactive login

Image

Actual behavior

Get-PnPSite returns: Get-PnPSite: Attempted to perform an unauthorized operation.

Steps to reproduce behavior

  1. Create an app registration following: Manually create an app registration for interactive login
  2. Grant necessary permission using: Grant-PnPAzureADAppSitePermission -AppId "[app clientid]" -DisplayName "[app name]" -Permissions FullControl -Site "https://[tenant].sharepoint.com/sites/site1"

What is the version of the Cmdlet module you are running?

3.1.195

Which operating system/environment are you running PnP PowerShell on?

  • [x] Windows
  • [ ] Linux
  • [ ] MacOS
  • [ ] Azure Cloud Shell
  • [ ] Azure Functions
  • [ ] Other : please specify

a1mery avatar Oct 27 '25 11:10 a1mery

@a1mery: Thanks for raising the bug. Try adding MS Graph Sites.Selected to see if it makes any difference.

Image

reshmee011 avatar Nov 01 '25 19:11 reshmee011

@a1mery - if you access it via the browser, are you able to view the site ? Delegated works with your current permissions

gautamdsheth avatar Nov 03 '25 14:11 gautamdsheth

@reshmee011 @gautamdsheth thanks for your replies ☺️ I've added the MS Graph Sites.Selected and same issue occurs 😔 I'm admin of the SharePoint site

a1mery avatar Nov 12 '25 22:11 a1mery

Alas I can reproduce the issue:<, Did you try the same with the version 3.1.0?

reshmee011 avatar Nov 13 '25 12:11 reshmee011

Yes, I tried using version 3.1.0. That's actually where I first encountered the issue, but I updated to the latest version to make sure it hadn’t already been resolved 😊

a1mery avatar Nov 14 '25 09:11 a1mery

It feels to me an issue with MS back end, by any chance have you got cli for m365 and try the same steps, connect using the client id and get the site details or using the ms graph powershell. If you can reproduce the issue with ms graph powershell, potentially you could raise a MS issue.

reshmee011 avatar Nov 14 '25 09:11 reshmee011

Same issue for me on the Mac and Debian 13 Linux terminals.

Granting Sites.Selected write permissions to App ID: 997644XX-XXXX-XXXX-XXXX Error: {"error":{"code":"accessDenied","message":"Access denied","innerError":{"date":"2025-11-16T08:30:50","request-id":"c4980bf0-7ee5-4ed8-96f1-12e1430acbe3","client-request-id":"c4980bf0-7ee5-4ed8-96f1-12e1430acbe3"}}}

ModuleType Version PreRelease Name ExportedCommands

Manifest 3.1.0 PnP.PowerShell

devdnn avatar Nov 16 '25 08:11 devdnn

In order to use Sites.Selected, you have to provide permissions to the site FOR the app.
https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html

_Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -Interactive

Grant the app access to a specific site

Grant-PnPAzureADAppSitePermission -AppId "YOUR-APP-ID" -DisplayName "Your App Name" -Site "https://yourtenant.sharepoint.com/sites/yoursite" ` -Permissions Write # or Read, FullControl_

kachihro avatar Nov 25 '25 22:11 kachihro