pnp / powershell

PnP PowerShell
https://pnp.github.io/powershell
MIT License

[BUG] Connecting using Managed Identity in Azure Runbook with Sites.Selected results in "The Push Notifications feature is not activated on the site" #4084

Open yvesrosius opened 1 month ago

yvesrosius commented 1 month ago

Reporting an Issue

Expected behavior

After setting up a managed identity, linked to an Azure Runbook using "Sites.Selected" instead of "Sites.FullControl.All", the Runbook should be able to connect to the sites granted permissions.

The Runbook should be able to perform cmdlets:

Actual behavior

Errors are thrown:

Steps to reproduce behavior

  1. Create Automation Account (+ Runbook)
  2. Enable system-assigned managed identity
  3. Add-PnPAzureADServicePrincipalAppRole -Principal "mymanagedidentity" -AppRole "Sites.Selected" -BuiltInType SharePointOnline
  4. Grant-PnPAzureADAppSitePermission -AppId "aa37b89e-75a7-47e3-bdb6-b763851c61b6" -DisplayName "TestApp" -Permissions FullControl -Site https://contoso.sharepoint.com/sites/somesite


What is the version of the Cmdlet module you are running?

2.5.0

Which operating system/environment are you running PnP PowerShell on?

yvesrosius commented 1 month ago

Just made some progress..

https://www.blimped.nl/running-application-with-limited-sharepoint-permissions/

This article mentions 2 steps to grant permissions to the application.

Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/project-x" -Interactive

$permission = Grant-PnPAzureADAppSitePermission -AppId "ce6bb9a7-c909-4538-b9dd-930724d7259d" -DisplayName "TestApp" -Permissions Write 

Set-PnPAzureADAppSitePermission -PermissionId $permission.Id -Permissions FullControl

Could you please update the documentation on this PnP article using Sites.Selected?

Other people are also running into this issue, as seen in https://github.com/pnp/powershell/discussions/3219
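The reproduction steps and the two-step grant from the comment above, combined into one script with a read-back check of the stored role. This is an added example, not code from the issue author or the PnP project. The site URL and identity name are the placeholders used on this page, and looking up the application id with Get-PnPAzureADServicePrincipal is an assumption of this example.

```powershell
# Added example. Values below are placeholders taken from the issue text; replace them.
$siteUrl      = "https://contoso.sharepoint.com/sites/project-x"
$identityName = "mymanagedidentity"   # display name of the Automation Account's managed identity
$targetRole   = "FullControl"         # role the runbook needs; use the lowest one that works

# Run this part as an administrator, outside the runbook.
Connect-PnPOnline -Url $siteUrl -Interactive

# Step 1: give the managed identity the Sites.Selected application role.
# On its own this role grants access to no site at all.
Add-PnPAzureADServicePrincipalAppRole -Principal $identityName -AppRole "Sites.Selected" -BuiltInType SharePointOnline

# Resolve the application (client) id of the identity, which -AppId expects.
$sp = Get-PnPAzureADServicePrincipal -AppName $identityName
if (-not $sp) { throw "Service principal '$identityName' not found." }

# Step 2: create the site grant with Write, then raise it with Set-,
# following the two steps described in the linked article.
$permission = Grant-PnPAzureADAppSitePermission -AppId $sp.AppId -DisplayName $identityName -Permissions Write -Site $siteUrl
if ($targetRole -ne "Write") {
    Set-PnPAzureADAppSitePermission -PermissionId $permission.Id -Permissions $targetRole -Site $siteUrl | Out-Null
}

# Step 3: read the grant back and fail loudly if the stored role is not the intended one.
$stored = Get-PnPAzureADAppSitePermission -PermissionId $permission.Id -Site $siteUrl
if ($stored.Roles -notcontains $targetRole) {
    throw "Expected role '$targetRole' on $siteUrl, found: $($stored.Roles -join ', ')"
}
"Grant $($stored.Id) on $siteUrl has roles: $($stored.Roles -join ', ')"

# Inside the runbook, the connection then uses the managed identity:
#   Connect-PnPOnline -Url $siteUrl -ManagedIdentity
```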

yvesrosius commented 6 days ago

Any update on this? Thanks :-)