pnp / powershell

PnP PowerShell
https://pnp.github.io/powershell
MIT License

[BUG] set-pnpplannertask not updating records #4310

Closed skaufman-bbins closed 1 month ago

skaufman-bbins commented 2 months ago

PNP.SharePoint module v2.12.0 on PowerShell 7.4.5

cmdlet: Set-PNPPlannerTask

Reporting an Issue or Missing Feature

Set-PNPPlannerTask is not assigning users

Expected behavior

Before the switch (PNP.SharePoint v2.9) to using the new security model, the set-pnpplannertask would update the assignedto on tasks

Actual behavior

Upgrading to PNP.Sharepoint 2.12.0 & going through the process of registering the new application, the set-pnpplannertask is no longer assigning users to tasks

Steps to reproduce behavior

> $clientid = "xxxxx-xxx-xx-xx-guid"

> $tenant = "tenantdnsname.onmicrosoft.com"

> connect-pnponline -Url https://xxxxx.sharepoint.com -Interactive -clientid $ClientID -tenant $tenant -Verbose

VERBOSE: PnP PowerShell Cmdlets (2.12.0)
VERBOSE: Connecting using Interactive login
VERBOSE: Using ClientID 5b37e74f-01ab-4baa-a968-c18cfba99d21
VERBOSE: Connected

---Logon with my GA account or service account. Both accounts have permissions to the Planner & the underlying M365 group.

> get-pnpconnection

ConnectionMethod : Credentials
ConnectionType : O365
InitializationType : Unknown
Scopes :
PSCredential :
ClientId : xxxxxxx-xxx-x-x-xxxxxxxxx
ClientSecret :
ApplicationInsights : PnP.PowerShell.ALC.ApplicationInsights
Url : https:///xxxxx.sharepoint.com/
TenantAdminUrl :
Certificate :
DeleteCertificateFromCacheOnDisconnect : False
Context : PnP.Framework.PnPClientContext
Tenant :
UserAssignedManagedIdentityObjectId :
UserAssignedManagedIdentityClientId :
UserAssignedManagedIdentityAzureResourceId :
AzureEnvironment : Production

> $groupID = "xxxxxx-xxx-x-xxx-xx-x" #the group ID where the Planner resides

> $planID = "xxxxx-x-xxx-xxx" #The GUID of the Planner in the group

> $PlannerBucketTasks = Get-PnPPlannerTask -Group $groupId -Plan $planId | where-object {($_.percentcomplete -lt 100) -and (($_.assignments).count -eq 0)}

> $PlannerBucketTasks.count

41

> $PlannerBucketTasks # To print out all the planner tasks

> USER:ScottK .\ScottK\ Wednesday 02:28:33 PM

[0.95 sec] > get-pnpplannertask -TaskId LPU3MybzvUO5dE2jt0O9_WQAEbkA

Title : [Microsoft Teams] (Updated) Now get Real Time Calendar Notifications in Teams [MC704955]
Id : LPU3MybzvUO5dE2jt0O9_WQAEbkA
BucketId : CYMPY3GVMkqsFqrxfxe8EGQAAtdD
AssigneePriority :
PercentComplete : 50
StartDateTime : 1/9/2024 5:00:08 AM
CreatedDateTime : 1/9/2024 5:00:08 AM
DueDateTime :
CompletedDateTime :
HasDescription : True
PreviewType : description
CreatedBy : 85f3cfbb-71d4-456e-ac08-770056de2586
AppliedCategories : Category4
Assignments : {}

USER:ScottK .\ScottK\ Wednesday 02:28:54 PM
[0.8 sec] > Set-PnPPlannerTask -AssignedTo "planner.user1@mytenantname.com" -taskid "LPU3MybzvUO5dE2jt0O9_WQAEbkA"

USER:ScottK .\ScottK\ Wednesday 02:29:07 PM
[2.91 sec] > get-pnpplannertask -TaskId LPU3MybzvUO5dE2jt0O9_WQAEbkA

Title : [Microsoft Teams] (Updated) Now get Real Time Calendar Notifications in Teams [MC704955]
Id : LPU3MybzvUO5dE2jt0O9_WQAEbkA
BucketId : CYMPY3GVMkqsFqrxfxe8EGQAAtdD
AssigneePriority :
PercentComplete : 50
StartDateTime : 1/9/2024 5:00:08 AM
CreatedDateTime : 1/9/2024 5:00:08 AM
DueDateTime :
CompletedDateTime :
HasDescription : True
PreviewType : description
CreatedBy : 85f3cfbb-71d4-456e-ac08-770056de2586
AppliedCategories : Category4
Assignments : {}

In the previous version of PNP.PowerShell (v2.9.0), this command would assign the user to the planner task.

USER:ScottK .\ScottK\ Wednesday 02:30:08 PM
[2.6 sec] > Set-PnPPlannerTask -AssignedTo "myuseraccount@mytenantname.com" -taskid "n-vBZXgU4k-OygMLGGtnn2QADpCB" -verbose
VERBOSE: Making GET call to https://graph.microsoft.com/v1.0/planner/tasks/n-vBZXgU4k-OygMLGGtnn2QADpCB
VERBOSE: Response successful with HTTP 200 OK containing 993 characters
VERBOSE: Making POST call to https://graph.microsoft.com/v1.0/$batch with body '{"requests":[{"id":"1","method":"GET","url":"/users/skaufman@bbins.com?$select=id"}]}'
VERBOSE: Response successful with HTTP 200 OK containing 412 characters
VERBOSE: Making PATCH call to https://graph.microsoft.com/v1.0/planner/tasks/n-vBZXgU4k-OygMLGGtnn2QADpCB with body '{"assignments":{}}'
VERBOSE: Response successful with HTTP 204 NoContent containing 0 characters

Disconnect-pnponline & try again using service account that is set up in Azure Automation Playbook - same result

I can manually assign tasks to users via the UI, and then see the assignment from the command line. But cannot change the assignment for any existing/new tasks. Azure sign-in logs show successful authentication.

What is the version of the Cmdlet module you are running?

(you can retrieve this by executing Get-Module -Name "PnP.PowerShell" -ListAvailable)

> get-module PNP.PowerShell

ModuleType Version    PreRelease Name            ExportedCommands
---------- -------    ---------- ----            ----------------
Manifest   2.12.0                PNP.Powershell  {Add-PnPAlert, Add-PnPApp, Add-PnPApplicationCust…

> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.5
PSEdition                      Core
GitCommitId                    7.4.5
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Which operating system/environment are you running PnP PowerShell on?

jackpoz commented 2 months ago

VERBOSE: Making PATCH call to https://graph.microsoft.com/v1.0/planner/tasks/n-vBZXgU4k-OygMLGGtnn2QADpCB with body '{"assignments":{}}'

If this log is to be trusted, then somehow the assignment is not passed correctly as the property is set to an empty object.

jackpoz commented 1 month ago

I did some tests:

I would suggest to run

Invoke-PnPGraphMethod "/users/planner.user1@mytenantname.com?`$select=id"

to ensure that your app registration has the required permissions. See below an example of error when the permissions are missing: image

skaufman-bbins commented 1 month ago

Took me a bit and a lot of reading/trying, but I was able to figure out the missing permissions. The registration command adds the default permissions which aren't enough to manage/assign Planner tasks. Ultimately I ended up with the following permissions where my script runs locally, and in azure automation runbook with a stored credential.

Microsoft.Graph
Group.ReadWrite.All - Delegated & admin consent
Group.ReadWrite.All - Application & admin consent
Tasks.ReadWrite - Delegated & admin consent (but not required)
Tasks.ReadWrite.Shared - Delegated & admin consent (but not required)
User.ReadWrite.All - Application & admin consent

SharePoint
AllSites.FullControl - delegated & admin consent
Sites.FullControl.All - Application & admin consent
TaskStatus.Submit - Delegated & admin consent (but not required)
User.ReadWrite.All - Delegated & admin consent
User.ReadWrite.All - Application & admin consent

Caveat: In my environment, the account used to run a lot of automation also performs many other tasks, so some of these permissions may not be needed for just Planner Tasks.

jackpoz commented 1 month ago

I tried Graph delegated User.ReadBasic.All but somehow that scope was never included in the token that I received, so I tried User.Read.All and that was enough to get the user id and assign the task.
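
The scope check discussed in the comments above, as an added example that is not part of the thread or of the PnP PowerShell code base: it decodes an access token's payload and reports whether the token carries one of the permissions needed for the `/users/...?$select=id` lookup. The function names and the sample tokens are constructed for illustration; `Get-PnPAccessToken` is assumed to supply the Graph token in a live session.

```powershell
# Added example: list the Graph permissions an access token actually carries.
# Decoding only; the signature is not validated, so use this for diagnosis, not authorization.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Expected 3 JWT segments, got $($parts.Count)" }
    # base64url -> base64, then restore the stripped padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url payload length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-GraphTokenPermission {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string[]]$AnyOf   # any one of these satisfies the check
    )
    $claims  = ConvertFrom-JwtPayload -Token $Token
    $granted = @()
    if ($claims.scp)   { $granted += $claims.scp -split ' ' }  # delegated scopes
    if ($claims.roles) { $granted += $claims.roles }           # application roles
    $matched = @($granted | Where-Object { $_ -in $AnyOf })
    [pscustomobject]@{
        Audience   = $claims.aud
        Granted    = $granted
        Matched    = $matched
        Sufficient = $matched.Count -gt 0
    }
}

# Constructed sample tokens (not taken from the issue) so the example runs offline.
function New-SampleToken([string]$Scp) {
    $enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    $payload = @{ aud = 'https://graph.microsoft.com'; scp = $Scp } | ConvertTo-Json -Compress
    '{0}.{1}.sig' -f (& $enc '{"alg":"none"}'), (& $enc $payload)
}

# Permissions named in the thread as sufficient for resolving the user id.
$needed = 'User.Read.All', 'User.ReadWrite.All'
Test-GraphTokenPermission -Token (New-SampleToken 'Group.ReadWrite.All Tasks.ReadWrite User.Read') -AnyOf $needed
Test-GraphTokenPermission -Token (New-SampleToken 'Group.ReadWrite.All User.Read.All') -AnyOf $needed

# Live session (assumes an active Connect-PnPOnline connection):
# Test-GraphTokenPermission -Token (Get-PnPAccessToken) -AnyOf $needed
```

Running the check before `Set-PnPPlannerTask` shows when a consented scope never reached the token, and it also makes it easy to confirm that a narrower grant such as `User.Read.All` is enough before adding broader ones.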

gautamdsheth commented 1 month ago

Thanks for confirming, closing this as it is a permission issue.