PnP.Powershell Commands Requires what all Permission Level

Question

Hi
I am trying to get Role Assignments as Site Level, Document Library Level and File Level using these commands.

Get-PnPSubWeb -IncludeRootWeb -Includes RoleAssignments
Get-PnpList -Identity $ListName -Includes RoleAssignments
Get-PnpProperty -Identity $ListItem -Includes RoleAssignments

Also, I am authenticating my PS script using Azure AD App that is having site permission as Sites.FullControl, Sites.Manage.All and Sites.Read.All.
These commands throwing "Attempted to perform unauthorized operation" error when run without Sites.FullControl Permission, But I am not performing any write operation in my script that's why wanting to limit permissions to read level only.

I wanted to know is there any MS article or reference where I can see what all Permission level, I required to run these commands.

Kindly help!!

Answer 1

Hi @Hirdesh Baghel,

Per my research, currently there is no such offical document support Get-PnPSubWeb require permission. But in graph api, if you want to list the permission of a site. You will need at least Sites.FullControl.All permission. Please refer to the following document

https://learn.microsoft.com/en-us/graph/api/site-get-permission?view=graph-rest-1.0&tabs=http

---If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.