Permissions assigned with Grant-PnPAzureADAppSitePermission on a site do not work with custom or non-inherited security.

Jairo Javier Baleta Cali 131 Reputation points
2024-04-25T22:52:10.33+00:00

Good afternoon.

When you create the document library and leave it inheriting security from the main site, it allows you to create folders and files without problems with Add-PnPFolder and Add-PnPFile.

But I disinherited the document library permissions and it stopped working, throwing the following messages:

Get-PnPFolder : The specified object does not belong to a list.

Add-PnPFile : The specified object does not belong to a list.

Set-PnPListItem : No -Identity has been provided specifying the item to update

Add-PnPFolder: File not found.

Add-PnPFile : Access denied.

In summary, I have the following disadvantages:

  1. The permissions I assigned via Grant-PnPAzureADAppSitePermission to an AzureAD Application do not work when the document library has custom permissions or security is not inherited from the parent site. It especially throws the errors: Get-PnPFolder : The specified object does not belong to a list, Add-PnPFile : The specified object does not belong to a list and Set-PnPListItem : No -Identity has been provided specifying the item to update. How could I make the AzureAD Application have write permissions to the document library with custom permissions?
  2. The security of the document library in point 1 means that it will again inherit the security of the main site and no longer allows adding or updating folders and files. It especially throws the errors: Get-PnPFolder : The specified object does not belong to a list, Add-PnPFile : The specified object does not belong to a list and Set-PnPListItem : No -Identity has been provided specifying the item to update. How could I make the AzureAD Application have write permissions to the document library?
  3. When the document library has custom permissions or security or does not inherit from the main site and the Grant-PnPAzureADAppSitePermission command is executed, it does not allow adding or updating the folders and files. It especially throws the errors: Add-PnPFolder: File not found and Add-PnPFile: Access denied. How could I make the AzureAD Application have write permissions to the document library with custom permissions?

I hope you can help me.

Thank you so much.


1 answer

  1. Yanli Jiang - MSFT 24,356 Reputation points Microsoft Vendor
    2024-04-26T07:23:16.5133333+00:00

    Hi @Jairo Javier Baleta Cali ,

    This result is as expected because the AzureAD Application does not have permission to this Library that breaks inheritance. As of now, we can only grant permission to App registrations to a SharePoint Online Site Collection.

    I recommend that you create feedback on this issue. Many features of our current products are designed and upgraded based on customers’ feedback. With requirements like this increasing, the problem may well be released in the future. Thanks for your understanding and support.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.