UnauthorizedAccessException when trying to recover the collection of sites

Question

Hi, I am trying to retrieve the list of sites with GetSiteCollectionManager() and GetSiteCollectionsAsync() methods via pnp. I created the context from the admin site and my user is sharepoint administrator but not Global admin and when I try to calling the two methods Graph API returns me this error:

{HttpResponseCode: 403Code: System.UnauthorizedAccessExceptionMessage: Access to Site in Graph API requires the following permissions: Sites.Read.All, Sites.ReadWrite.All. However, the application only has the following permissions granted: ChannelMessage.Read.All, Chat.Read, Chat.ReadWrite, Mail.ReadWriteClientRequestId: target: details: warnings: level: Error}

Yet in Azure AD I configured and authorized all necessary permissions as delegates.
The error problem is because the user is not global admin or because the permissions are delegated? Yet with a global admin user I do not receive this error but with a user not global admin but sharepoint admin yes. How can I avoid this error without giving users global admin permission?

Answer 1

Hi @Andrea

You should use application permissions to list all site collections instead of delegated permissions, this endpoint does not support delegated permissions.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.