PnP.Powershell Commands Requires what all Permission Level

Hirdesh Baghel 0 Reputation points

I am trying to get Role Assignments as Site Level, Document Library Level and File Level using these commands.

Get-PnPSubWeb -IncludeRootWeb -Includes RoleAssignments
Get-PnpList -Identity $ListName -Includes RoleAssignments
Get-PnpProperty -Identity $ListItem -Includes RoleAssignments

Also, I am authenticating my PS script using Azure AD App that is having site permission as Sites.FullControl, Sites.Manage.All and Sites.Read.All.
These commands throwing "Attempted to perform unauthorized operation" error when run without Sites.FullControl Permission, But I am not performing any write operation in my script that's why wanting to limit permissions to read level only.

I wanted to know is there any MS article or reference where I can see what all Permission level, I required to run these commands.

Kindly help!!

A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,169 questions
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
1,856 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. RaytheonXie_MSFT 29,041 Reputation points Microsoft Vendor

    Hi @Hirdesh Baghel,

    Per my research, currently there is no such offical document support Get-PnPSubWeb require permission. But in graph api, if you want to list the permission of a site. You will need at least Sites.FullControl.All permission. Please refer to the following document

    ---If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.