How to fix Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))'

Anonymous
2023-02-08T10:00:56.06+00:00
using (this.context = authManager.GetAzureADAccessTokenAuthenticatedContext(targetUrl, token))
                {
                    Web web = this.context.Web;

                    //web.BreakRoleInheritance(true, true);

                    this.context.Load(web);

                    this.context.Load(web.SiteUsers);

                   // this.context.Load(web.RoleDefinitions);

                   // this.context.Load(web.RoleAssignments);

                    this.context.ExecuteQuery();//the code will run fine 


                    BasePermissions perm = new BasePermissions();
                    perm.Set(PermissionKind.EditListItems);
                    

                    RoleDefinitionCreationInformation creationInfo = new RoleDefinitionCreationInformation();
                    creationInfo.BasePermissions = perm;
                    creationInfo.Description = "A role with edit permission";
                    creationInfo.Name = "Editor";
                    creationInfo.Order = 0;
                    RoleDefinition rd = this.context.Web.RoleDefinitions.Add(creationInfo);

                    this.context.ExecuteQuery();


                    Principal user = web.SiteUsers.GetByLoginName(userLoginName); //the code will run fine 
                    RoleDefinition readDef = web.RoleDefinitions.GetByName(groupName); //the code will run fine 
                    RoleDefinitionBindingCollection roleDefCollection = new RoleDefinitionBindingCollection(this.context);
                    roleDefCollection.Add(readDef);
                    RoleAssignment newRoleAssignment = web.RoleAssignments.Add(user, roleDefCollection);
                    context.ExecuteQuery(); //through an error 


                }

Microsoft.SharePoint.Client.ServerUnauthorizedAccessException: 'Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))'
Microsoft 365 and Office | SharePoint Server | Development
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. RaytheonXie_MSFT 40,476 Reputation points Microsoft External Staff
    2023-02-09T05:44:04.7433333+00:00

    Hi @John Mphahlele

    Per my test, I can run the code and add permission to user successfully with your code.

    User's image

    My Token have full control with site. Please check your permission of your azure ad app only.

    You can grant Sites.FullControl.All in API permissions

    granting permissions to azure ad application


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.