pnp / PnP-PowerShell

SharePoint PnP PowerShell CmdLets
https://pnp.github.io/powershell
Other
990 stars 662 forks source link

Critical problem with Apply-PnPProvisioningTemplate cmdlet: personal view is created as public view in the destination site #3029

Open miguelisidoro opened 3 years ago

miguelisidoro commented 3 years ago

Hello,

I recently used SharePoint PnP PowerShell provisioning cmdlets to backup a production SharePoint Online site and restores into another production SharePoint Online site.

After applying the script in the destination site, I observed the following behaviors which are very important to be addressed with the Get-PnPProvisioningTemplate and the Apply-PnPProvisioningTemplate cmdlets.

The script I used is similar to the one below (The attached file at Issue_Apply-PnPProvisioningTemplate.zip contains the script I used based on the one I used, I changed some of the data due to privacy reasons).

$siteURL = "https://site.sharepoint.com/sites/source"

$location = Get-Location $templatePath = "$location\template.xml"

Connect-PnPOnline -Url $siteURL -UseWebLogin

Get-PnPProvisioningTemplate -Configuration "config.json" -out $templatePath

$siteURL = "https://site.sharepoint.com/sites/destination"

Connect-PnPOnline -Url $siteURL -UseWebLogin

Apply-PnPProvisioningTemplate -Path $templatePath

During the provisioning in the destination site, I found that a personal view on the source site ("Todos os Mapas") was created as a public view in the destination site. This caused sensitive information to be seen by unauthorized users

<View ... Personal="TRUE" DisplayName="Todos os Mapas" />

The view definition is in the attached file template.xml (inside the zip file) contains the complete view definition.

I then removed the "Todos os Mapas" and created a personal view with the same name in the destination site and executed the script again and the view is updated from a personal view to a public view!

I ask you to please address this issue as soon as possible since it can cause critical issues such as showing information to unauthorized users.

I also noticed in the exported template.xml file there are no site columns or content type definition and I wonder how the site columns and content types are created in the destination site. Can you please explain? Is there anyway for the site columns and content types to be exported. In the site I exported there are some lookup fields, and I didn't understand how the lookup fields are created and where is the information on the list and field where the lookup field gets the information from.

Thanks, Miguel Issue_Apply-PnPProvisioningTemplate.zip