Next get the Permission ID of the permission object just created by using Get-PnPAzureADAppSitePermission (line 15). So you first have to create a permission object to a Site with Read/Write Permissions using Grant-PnPAzureADAppSitePermission (line 12). The trick with the script below is that in Microsoft Graph it is not currently possible to create a permission object in a site with Full Control permissions – only Read & Write. So you will then need to use Microsoft Graph calls for administering SharePoint rather then PnP cmdlets. The same approach could be used for Microsoft Graph Sites.Selected permissions also except line 22 (New-PnPList) will not work as most PnP PowerShell cmdlets use CSOM behind the scenes and not Microsoft Graph. I will now show you below with a script how you can assign an existing Azure AD App (to create a new Azure AD App use Register-PnPAzureADApp) with SharePoint Sites.Selected permissions to a Site with Full Control using PnP PowerShell. Guide: How to add an Azure AD app with SharePoint Sites.Selected permission to sites with Full Control What I wanted was a permission object for the application on the site to have FullControl and be able to do everything in the site i.e. you can add content to libraries but not create any new libraries or make changes to the structure of existing libraries. I did some testing of the permissions and the Write permission is unfortunately more like a standard Contribute permission in a SharePoint site i.e. SharePoint: P nP PowerShell/CSOM Now Works With SharePoint Sites.Selected Permission using Azure AD App.Microsoft Graph: Testing out the new Microsoft Graph SharePoint (specific site collection) app permissions with PnP PowerShell.See my earlier blogs on Sites.Selected for Microsoft Graph & SharePoint: Both processes only give the access Read or Write permissions to the site and not Full Control. When created the app by default with Sites.Selected permissions does not have access to any SharePoint sites and has to be explicitly added added using Microsoft Graph or PnP PowerShell ( Grant-PnPAzureADAppSitePermission) to the site(s) to be administered. Over the past year Microsoft have released Sites.Selected permissions for both Microsoft Graph & SharePoint which can be given to an Azure AD App (App Registration).
0 Comments
Leave a Reply. |