-
Notifications
You must be signed in to change notification settings - Fork 326
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] New-PnPSite create a new SharePoint site by an managed identity gives error: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. #3823
Comments
can you double check the site is not created. I had something similar but the site got created, even though it said unauthorized. Ref: #3634 |
It looks like my problem is the parameter -TimeZone. When I try it without this paramter it is working fine. Does it work from your site with paramter -TimeZone ? |
likewise, check my comment of 8/01 in #3634 |
Hi, yes, it looks like I have the same issue. But I don't see any solution. |
Remove the timezone param from the new-pnpsite and use another pnp cmdlet to configure the timezone, I believe it’s under set-pnpweb?
|
But thats a workaround. Can you confirm that this is a bug and should work? |
I'm no developer of the PnP module. I'm only stating that I've faced the same issue and am using a workaround as they where unable to reproduce it.. |
I try to create a new modern group-based SharePoint site by an Azure function managed identity. The managed identity has "Sites.FullControl.All" permissions.
I got this error:
ERROR: Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
When I try another command to create a non-based SharePoint site it is working fine:
New-PnPTenantSite -Url "https://myCompany.sharepoint.com/teams/abc" -Title "SomeTitle" -Template "STS#0" -Owner "someUser@someCompany.com" -TimeZone 4
What is going wrong?
What is the version of the Cmdlet module you are running?
2.4.0
Which operating system/environment are you running PnP PowerShell on?
Azure Functions
UPDATE 1
I give the managed identity some more MS Graph permissions and now it is possible to create a group-based SharePoint site, but now I get the error below.
Error:
`2024-03-12T08:32:57Z [Error] ERROR: The remote server returned an error: (401) Unauthorized.
Exception :
Type : System.Management.Automation.PSInvalidOperationException
ErrorRecord :
Exception :
Type : System.Management.Automation.ParentContainsErrorRecordException
Message : The remote server returned an error: (401) Unauthorized.
HResult : -2146233087
CategoryInfo : InvalidOperation: (:) [], ParentContainsErrorRecordException
FullyQualifiedErrorId : InvalidOperation
TargetSite :
Name : ProcessRecord
DeclaringType : PnP.PowerShell.Commands.Base.PnPConnectedCmdlet
MemberType : Method
Module : PnP.PowerShell.dll
Message : The remote server returned an error: (401) Unauthorized.
Source : PnP.PowerShell
HResult : -2146233079
StackTrace :
at PnP.PowerShell.Commands.Base.PnPConnectedCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPConnectedCmdlet.cs:line 101
at PnP.PowerShell.Commands.PnPSharePointCmdlet.ProcessRecord() in c:\build\src\Commands\Base\PnPSharePointCmdlet.cs:line 131
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
CategoryInfo : InvalidOperation: (:) [New-PnPSite], PSInvalidOperationException`
UPDATE 2
It looks like a random behaviour. Now I have the initial error again: Authorization_RequestDenied Message: Insufficient privileges to complete the operation.
The text was updated successfully, but these errors were encountered: