This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 14.000000000000002%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
I have an azure function that creates sites in sharepoint.
The problem is that after giving Sites.FullControl.All permissions under Microsoft Graph on the Managed Identity that the Azure function authenticates with, it creates the site correctly but when it goes to add the newly created site to the Sites.Selected application record it fails authentication:
Instruction:
Grant-PnPAzureADAppSitePermission -AppId $envAppIdProvisioning -DisplayName $envAppNameNameProvisioning -Site $paramUrlSite -Permissions FullControl
Error message:
{“error”:{“code”: “AccessDenied”, “message”: “Either scp or roles claim need to be present in the token. “,”innerError“:{”date“:”2024-06-05T06:53:07“,”request-id“:”43e0cf99-c8b5-4cda-b783-de3fd1a241c8“,”client-request-id“:”43e0cf99-c8b5-4cda-b783-de3fd1a241c8"}}}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @Azahara Cruz ,
Those are two different permissions. The AllSites.FullControl is delegated, running under the user context. The Sites.FullControl.All is an application type (app only) permission, that allows the app to access the resource without a user. I think you also need to include:
SharePointOnlineScope = "AllSites.FullControl"