PowerShell: PnPOnline: OneDrive usage report | Authentication with App - access denied

Joanna Łęgowska 21 Reputation points
2021-10-28T07:06:01.28+00:00

Hello community!

I have to prepare a report about OneDrive Usage, where I collect information about ItemCount. I have to do it for over 3000 Users.

Problem: PnPOnline requires a connection to every Site Collection separately (not like SPOService - to the tenant). Because of the large number of Sites that I have to check, I don't want to log in separately for every User. To avoid it, I wanted to use an App with specific permissions. Currently my app has the following access:

144358-image.png

I can connect with the ClientID and ClientSecret to the Site (there is no error).

When I try to run a simple script >GetPnPList< I get the following error:

    Get-PnPList
    Get-PnPList : Exception has been thrown by the target of an invocation.
    At line:1 char:1
    + Get-PnPList
    + ~~~~~~~~~~~
        + CategoryInfo          : WriteError: (:) [Get-PnPList], TargetInvocationException
        + FullyQualifiedErrorId : EXCEPTION,PnP.PowerShell.Commands.Lists.GetList

As far as I found out - it is caused by missing permissions.

Question: Which permissions is the app missing?

SharePoint Development

Accepted answer
  1. RaytheonXie_MSFT 31,681 Reputation points Microsoft Vendor
    2021-10-29T08:09:00.637+00:00

    Hi @Joanna Łęgowska ,
    Per my test, this issue might not involve permissions, since an Azure app is different from a SharePoint app. An Azure app is unable to use a client secret to connect to SharePoint. A certificate file is necessary. We need to log in with the following cmdlet:

    Connect-PnPOnline -ClientId <$application client id as copied over from the AAD app registration above> -CertificatePath '<$path to the PFX file generated by the PowerShell script above>' -CertificatePassword (ConvertTo-SecureString -AsPlainText "<$password assigned to the generated certificate pair above>" -Force) -Url https://<$yourtenant>.sharepoint.com -Tenant "<$tenantname>.onmicrosoft.com"  
    

    Per my test, 'Site.Read.All' is enough for GetPnPList.
    If you want to use an Azure app, you can refer to the following link:
    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
    If you want to use a SharePoint app, please refer to the following link:
    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs


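The report loop the question describes, combined with the certificate-based app-only connection from the accepted answer, as an added example that is not part of the original thread. Assumptions: the certificate is installed in the Windows certificate store and referenced by thumbprint (so no PFX password sits in the script), the URL list and all `<...>` values are placeholders, `Get-RootCauseMessage` is a hypothetical helper, and the OneDrive library is reachable under the identity `Documents`.

```powershell
# Placeholders (assumptions, not values from the thread).
$ClientId   = '<application-client-id>'
$Tenant     = '<tenantname>.onmicrosoft.com'
$Thumbprint = '<certificate-thumbprint>'   # certificate with private key in the Windows store

# Constructed sample input: one OneDrive site URL per user.
$OneDriveUrls = @(
    'https://<yourtenant>-my.sharepoint.com/personal/<user1>',
    'https://<yourtenant>-my.sharepoint.com/personal/<user2>'
)

function Get-RootCauseMessage {
    # "Exception has been thrown by the target of an invocation" is only a
    # TargetInvocationException wrapper. Walk the InnerException chain to reach
    # the real failure (for example an access-denied response).
    param([Parameter(Mandatory)][System.Exception]$Exception)
    while ($Exception.InnerException) { $Exception = $Exception.InnerException }
    return $Exception.Message
}

$report = foreach ($url in $OneDriveUrls) {
    try {
        # App-only connection per site; -ReturnConnection avoids relying on a
        # shared "current connection" while looping over thousands of sites.
        $conn = Connect-PnPOnline -Url $url -ClientId $ClientId -Tenant $Tenant `
                    -Thumbprint $Thumbprint -ReturnConnection -ErrorAction Stop

        # Assumption: the user's library is addressable as "Documents".
        $list = Get-PnPList -Identity 'Documents' -Connection $conn -ErrorAction Stop

        [pscustomobject]@{ Url = $url; ItemCount = $list.ItemCount; Error = $null }
    }
    catch {
        # Record the failure and continue, so one inaccessible site does not
        # stop the report for the remaining users.
        [pscustomobject]@{
            Url       = $url
            ItemCount = $null
            Error     = Get-RootCauseMessage -Exception $_.Exception
        }
    }
}

$report | Export-Csv -Path .\OneDriveItemCount.csv -NoTypeInformation -Encoding UTF8
```

Rows with a non-empty `Error` column show the innermost exception message per site, which distinguishes an authentication-method problem from a missing permission.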


