How Can I Check What Permissions My Service Principal Has for a SharePoint Site Using PnP PowerShell?

Asked By CuriousCat24 On

Hey everyone! I'm trying to figure out how to check the permissions I granted to a service principal for a SharePoint site, specifically after giving it 'Sites.Selected' API permission. I've connected using the command: `Connect-PnPOnline tenant.sharepoint.com -Interactive -ClientId "CLIENTID"`. I've also made myself a Site Admin for this site and provided read access to my app registration using this command: `Grant-PnPAzureADAppSitePermission -AppId "TARGETAPPID" -DisplayName "App Reg Name" -Permissions Read -Site https://tenant.sharepoint.com/sites/Test`. I received output that indicates I granted read permissions. While I can get information about the SharePoint site with `Get-PnPList`, I'm not sure which command I should run to verify whether my service principal actually has those read permissions. Can anyone help?

3 Answers

Answered By CodeWhiz80 On

You can definitely use `Get-PnPAzureADAppSitePermission` to see what roles have been assigned to your service principal. Just to recap, if you've already used the grant command, the same command will confirm the permissions. If you want to double-check the actual access, try running a read command using your app’s credentials to see if it works. This will help clear anything up!

CuriousCat24 -

Thanks for the insight! Appreciate the detailed explanation.

Answered By TechieTom99 On

Make sure you're connecting with your primary ClientId since you'll need site admin privileges again for this task. Once you're connected, use `Get-PnPAzureADAppSitePermission` to see which app registrations have access and what roles they were granted. This is the easiest way to verify the permissions for your service principal.

CuriousCat24 -

Got it, I'll connect with my main ClientId. How can I define the service principal to get its permission details?

Answered By HelpfulHarry89 On

To check your service principal's permissions, you can use the `Get-PnPAzureADAppSitePermission` command. Just make sure you're connected to the site using the same method as when you executed the grant command. This will list out all the app registrations that have access along with their roles. For example, run: `Get-PnPAzureADAppSitePermission -Site https://tenant.sharepoint.com/sites/Test` to see the details!

CuriousCat24 -

I get a permission authorization error when I try that.
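The two checks suggested in the answers above, combined into one script; this is an added example, not code posted by anyone in the thread. It lists the site's app grants as a site admin and filters them to the target app, then connects as the app and attempts a read. Assumptions: the returned objects expose `Id`, `Roles` and `Apps` (each with `Id` and `DisplayName`), the app authenticates with a certificate, and the tenant name and certificate path are hypothetical placeholders.

```powershell
# Placeholders taken from the thread; replace with your own values.
$siteUrl     = "https://tenant.sharepoint.com/sites/Test"
$adminClient = "CLIENTID"      # app registration used for the interactive admin sign-in
$targetAppId = "TARGETAPPID"   # service principal that holds Sites.Selected

# 1. Connect as a site admin, the same way the grant was issued.
Connect-PnPOnline -Url $siteUrl -Interactive -ClientId $adminClient

# 2. List every app grant on the site and keep those that name the target app.
#    Assumption: each grant has an Apps collection whose items carry Id and DisplayName.
$grants = Get-PnPAzureADAppSitePermission -Site $siteUrl |
    Where-Object { $_.Apps.Id -contains $targetAppId }

if (-not $grants) {
    Write-Warning "No site permission found for app $targetAppId on $siteUrl"
} else {
    $grants | ForEach-Object {
        [pscustomobject]@{
            PermissionId = $_.Id
            App          = ($_.Apps.DisplayName -join ", ")
            Roles        = ($_.Roles -join ", ")
        }
    } | Format-Table -AutoSize
}

# 3. Effective-access check: connect as the app itself and try a read.
#    Assumption: certificate auth; tenant name and .pfx path are hypothetical.
Connect-PnPOnline -Url $siteUrl -ClientId $targetAppId `
    -Tenant "tenant.onmicrosoft.com" -CertificatePath "C:\certs\app.pfx"

try {
    Get-PnPList -ErrorAction Stop | Select-Object Title, ItemCount
    Write-Host "Read succeeded with the app's own credentials."
} catch {
    Write-Warning "Read failed as the app: $($_.Exception.Message)"
}
```

A grant that shows `read` in step 2 while step 3 fails points at the app's authentication or API consent rather than at the site-level grant.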
