Share via

Which API permission do I need to use for SharePoint PnP Powershell script with certificate?

dream sat 20 Reputation points
2023-08-28T13:35:26.5+00:00

I would like to make a PowerShell script to automate some logic. I would like to use an Azure appregistration with a certificate. Which Api do I need to use? I see 2 differant Api permissions. I can use MS Graph or SharePoint.

This is an example of my PowerShell commando:

Connect-PnPOnline https://myCompany.sharepoint.com/sites/SomeSpecificSite -ClientId $clientId -Thumbprint $thumbprint -Tenant myCompany.onmicrosoft.com

I already created a self signed certificate and install it on my local computer, upload it to the Azure appregistration and I have the thumbprint.azure appregistration api permissions

Microsoft 365 and Office | SharePoint | Development
Microsoft 365 and Office | SharePoint | For business | Windows
Windows for business | Windows Server | User experience | PowerShell
0 comments
Accepted answer
  1. Anonymous
    2023-08-29T02:10:38.3066667+00:00

    Hi @dream sat

    When I received the case, I searched a lot of documents did a lot of researches.You need to use the SharePoint API permissions for your SharePoint PnP PowerShell script with certificate.

    The specific permissions you need depend on the operations you want to perform with the script, but some common ones are:

    SharePoint -> Application Permissions -> AllSites -> AllSites.FullControl

    SharePoint -> Application Permissions -> Sites -> Sites.FullControl.All

    SharePoint -> Application Permissions -> TermStore -> TermStore.ReadWrite.All

    SharePoint -> Application Permissions -> User -> User.ReadWrite.All

    You can configure these permissions in your Azure AD application that you use to connect to SharePoint Online with the Connect-PnPOnline cmdlet.

    You can also use the PnP PowerShell command New-PnPAzureCertificate to create a self-signed certificate for authentication.

    For more details, please refer to the following links:

    https://pnp.github.io/pnpcore/using-the-sdk/configuring%20authentication.html

    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards

    Cheng Feng

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.