
Hi @dream sat
When I received the case, I searched a lot of documents and did a lot of research. You need to use the SharePoint API permissions for your SharePoint PnP PowerShell script with a certificate.
The specific permissions you need depend on the operations you want to perform with the script, but some common ones are:
SharePoint -> Application Permissions -> AllSites -> AllSites.FullControl
SharePoint -> Application Permissions -> Sites -> Sites.FullControl.All
SharePoint -> Application Permissions -> TermStore -> TermStore.ReadWrite.All
SharePoint -> Application Permissions -> User -> User.ReadWrite.All
You can configure these permissions in your Azure AD application that you use to connect to SharePoint Online with the Connect-PnPOnline cmdlet.
You can also use the PnP PowerShell command New-PnPAzureCertificate to create a self-signed certificate for authentication.
For more details, please refer to the following links:
https://pnp.github.io/pnpcore/using-the-sdk/configuring%20authentication.html
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
Best Regards
Cheng Feng
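
The certificate-based app-only connection described in the answer above, written out as an added example that is not part of the original answer. The tenant name, site URL, client ID, certificate common name and file names are placeholder assumptions; the script assumes the PnP.PowerShell module is installed and that the .cer file has been uploaded to the Azure AD application with admin consent granted before step 2 runs.

```powershell
# Added example. All values below are placeholders (assumptions), not from the thread.
$tenant   = "contoso.onmicrosoft.com"                       # placeholder tenant
$siteUrl  = "https://contoso.sharepoint.com/sites/example"  # placeholder site
$clientId = "00000000-0000-0000-0000-000000000000"          # placeholder application (client) ID
$pfxPath  = Join-Path $PWD "pnp-apponly.pfx"                # private key, stays on the script host
$cerPath  = Join-Path $PWD "pnp-apponly.cer"                # public key, uploaded to the app registration

# Prompt for the PFX password so it is never stored in the script or shell history.
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"

# 1. Create the self-signed certificate once. A short validity period limits
#    how long a copied PFX remains usable.
if (-not (Test-Path $pfxPath)) {
    New-PnPAzureCertificate -CommonName "pnp-apponly-example" `
        -OutPfx $pfxPath -OutCert $cerPath `
        -CertificatePassword $pfxPassword -ValidYears 1 | Out-Null
    Write-Host "Upload $cerPath to the Azure AD application, grant consent, then re-run."
    return
}

# 2. Connect app-only with the certificate. The API permissions consented on the
#    application decide what this session is allowed to do.
try {
    Connect-PnPOnline -Url $siteUrl -ClientId $clientId -Tenant $tenant `
        -CertificatePath $pfxPath -CertificatePassword $pfxPassword -ErrorAction Stop

    # 3. Smoke test: reading the web fails here if the certificate is not
    #    registered on the application or the permissions lack consent.
    $web = Get-PnPWeb -ErrorAction Stop
    Write-Host "Connected app-only to '$($web.Title)' at $($web.Url)"

    Disconnect-PnPOnline
}
catch {
    Write-Error "App-only connection failed: $($_.Exception.Message)"
}
```

On Windows, the PFX can instead be imported into the certificate store and referenced with the `-Thumbprint` parameter of `Connect-PnPOnline`, so the file does not have to stay on disk.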