Open devwheel opened 5 years ago
Which permissions does the user you are testing with have in your test site https//foobar.sharepoint.com/teams/foosite (using ga)?
Interesting, I just tried it myself. New-PnPTermGroup
always fails, no matter what permissions you have in the site collection.
UNLESS you are some kind of admin (tenant in my case). Then the cmdlet succeeds but creates a new term group in the tenant term store, not the site collection term store.
Both of the following variants do NOT create a term group in the site collection term store, but the tenant term store:
$tg = New-PnPTermGroup -Name "FooGroup" -TermStore $tstore
$tg = New-PnPTermGroup -Name "FooGroup"
Strange.
Ha. Not strange at all. The term "site collection term store" is utterly misleading and I never thought about what this really is. It's no special term store, it's a special term group for the site collection, created in the central term store. There is an old article describing these special term groups:
a local terms set is 'local' in scope, but not in actual location - it is still stored in the central data repository of the Manged Metadata service application. In other words, every time you create a custom column of type 'Managed Metadata' and choose the 'Customize your term set' option, the associated Managed Metadata service application creates a new term store group, accessible only to the current site collection.
So to conclude:
I'm not sure about initially creating the term group as UI interaction seems to be necessary. There is some reflection going on here which is not available via CSOM. But here is the clue that might point in the right direction: calling termStore.GetSiteCollectionGroup
appears to create the group if it does not exist.
@heinrich-ulbricht 's comment is correct. This issue should be closed - it's not a bug. Thank you for posting this though, most people would just assume that you can create a term group at the site collection level. but this is not the case.
Reporting an Issue or Missing Feature
Please confirm what it is that your reporting
Expected behavior
New-PnPTermGroup : Access denied. You do not have permission to perform this action or access this resource.
Actual behavior
PS C:_Local\SharePoint\HR> $tg = New-PnPTermGroup -Name "Recruiting" -TermStore $tstore New-PnPTermGroup : Access denied. You do not have permission to perform this action or access this resource. At line:1 char:7
Steps to reproduce behavior
connect-pnponline -url https//foobar.sharepoint.com/teams/foosite (using ga) $tstore = Get-PnPSiteCollectionTermStore $tg = New-PnPTermGroup -Name "FooGroup" -TermStore $tstore
Which version of the PnP-PowerShell Cmdlets are you using?
What is the version of the Cmdlet module you are running?
ModuleType Version Name ExportedCommands
Binary 3.7.1903.0 SharePointPnPPowerShellOnline {Add-PnPAlert, Add-PnPApp, Add-PnPClientSidePage, Add-PnPClientSidePageSection...}
Binary 3.5.1901.0 SharePointPnPPowerShellOnline {Add-PnPApp, Add-PnPClientSidePage, Add-PnPClientSidePageSection, Add-PnPClientSideText...}
Binary 3.4.1812.2 SharePointPnPPowerShellOnline {Add-PnPApp, Add-PnPClientSidePage, Add-PnPClientSidePageSection, Add-PnPClientSideText...}
Binary 3.2.1810.0 SharePointPnPPowerShellOnline {Add-PnPApp, Add-PnPClientSidePage, Add-PnPClientSidePageSection, Add-PnPClientSideText...}
How did you install the PnP-PowerShell Cmdlets?