search

PowershellScripts / SharePointOnline-ScriptSamples

Over 260 scripts for SharePoint Online (SPO), OneDrive for Business, and SharePoint Server. The samples fix issues, provide reports and extra settings not available via UI. The scripts use Powershell, C#, CSOM and REST. They include copies of existing scripts from Technet Gallery years 2013-2019. >>> Scroll down to see the full index
100 stars 37 forks source link

Permission issue to browse lists of SPO sites #192

Closed ZeBix78 closed 3 years ago

ZeBix78 commented 3 years ago

Greetings, I'm noob to Github so please pardon me if this is not the appropriate place to discuss this.

I am very interested in your work, notably the "Versioning" scripts for SharePoint Online. I were redirected by Microsoft Support to your TechNet Library site, but as TechNet is being decommissioned, commenting seems to have been disabled, therefore here I am.

In all the documentation/explanations I've found about the scripts, you don't mention the necessary permissions to run them further than "SharePoint administrator".
I use a tenant global admin account, which has access to the SharerPoint admin center, and I get "401 unauthorized" on all the SPO sites I am trying to browse with the scripts. I manage to connect to SPO, I can list all the sites URLs, name, MB usage etc.. But when I load the lists in the context (ctx.Load($Lists)), once I try to execute the query ($ctx.ExecuteQuery()) , I get an error "The remote server returned an error: (401) Unauthorized".

If I put myself (or the global admin) Owner of a site of course it works correctly, but it's not so clean because it'll be seen by site members, and I would like the operation to be as invisible as possible, just like we did with SP onprem when we were Farm Admins (I know, this doesn't exist anymore in SPO).

In the example screenshots you provide on TechNet for those scripts, I see a lot of sites you are able to list.

So my question is: Did you put yourself (or the account you run the script with) Owner of every site beforehand?

Or, what I'm really hoping here, there is a less known permission somewhere to give to an admin account, so that it can browse the content of all sites? If so, can you tell me which one?

PowershellScripts commented 3 years ago

Hi Bix,

For most of the sites I use site collection admin account. I don't go into details on permissions, because for many of the scripts that's not the minimum required privilege. It's just useful for the sample.

I understand your pain about adding admin account to the site. In production we often add it before running the script and remove just after.

Hope that helps, Arleta