But I get exceptions when trying.
Owner permissions should be assigned as described.
Existing access token still valid. Returning...
Request:
{
"url": "https://graph.microsoft.com/v1.0/sites/blimped.sharepoint.com:/sites/learning",
"method": "get",
"headers": {
"common": {
"Accept": "application/json, text/plain, */*"
},
"delete": {},
"get": {},
"head": {},
"post": {
"Content-Type": "application/x-www-form-urlencoded"
},
"put": {
"Content-Type": "application/x-www-form-urlencoded"
},
"patch": {
"Content-Type": "application/x-www-form-urlencoded"
},
"user-agent": "NONISV|SharePointPnP|CLIMicrosoft365/5.8.0",
"accept-encoding": "gzip, deflate",
"accept": "application/json;odata.metadata=none",
"authorization": "Bearer "
},
"responseType": "json",
"decompress": true
}
Response:
{
"url": "https://graph.microsoft.com/v1.0/sites/blimped.sharepoint.com:/sites/learning",
"status": 200,
"statusText": "OK",
"headers": {
"cache-control": "no-store, no-cache",
"transfer-encoding": "chunked",
"content-type": "application/json;odata.metadata=none;odata.streaming=true;IEEE754Compatible=false;charset=utf-8",
"vary": "Accept-Encoding",
"strict-transport-security": "max-age=31536000",
"request-id": "7a0d9e45-1486-447a-ad47-66bf45f1f84a",
"client-request-id": "7a0d9e45-1486-447a-ad47-66bf45f1f84a",
"x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"004\",\"RoleInstance\":\"AM2PEPF0000BE68\"}}",
"odata-version": "4.0",
"date": "Tue, 30 Aug 2022 19:40:00 GMT",
"connection": "close"
},
"data": {
"createdDateTime": "2022-05-09T07:58:18.56Z",
"description": "",
"id": "blimped.sharepoint.com,f0f0506e-99c5-4fc0-83f5-a61cadd60713,35bf8254-4e79-4414-b8c9-b9906368aff1",
"lastModifiedDateTime": "2022-08-27T17:06:59Z",
"name": "Learning",
"webUrl": "https://blimped.sharepoint.com/sites/Learning",
"displayName": "New title",
"root": {},
"siteCollection": {
"hostname": "blimped.sharepoint.com"
}
}
}
Existing access token still valid. Returning...
Request:
{
"url": "https://graph.microsoft.com/v1.0/myorganization/applications?$filter=appId eq '4b892a20-df78-4105-81fa-cd7cfa02205f'",
"method": "get",
"headers": {
"common": {
"Accept": "application/json, text/plain, */*"
},
"delete": {},
"get": {},
"head": {},
"post": {
"Content-Type": "application/x-www-form-urlencoded"
},
"put": {
"Content-Type": "application/x-www-form-urlencoded"
},
"patch": {
"Content-Type": "application/x-www-form-urlencoded"
},
"user-agent": "NONISV|SharePointPnP|CLIMicrosoft365/5.8.0",
"accept-encoding": "gzip, deflate",
"accept": "application/json;odata.metadata=none",
"authorization": "Bearer "
},
"responseType": "json",
"decompress": true
}
Response:
{
"url": "https://graph.microsoft.com/v1.0/myorganization/applications?$filter=appId eq '4b892a20-df78-4105-81fa-cd7cfa02205f'",
"status": 200,
"statusText": "OK",
"headers": {
"cache-control": "no-cache",
"transfer-encoding": "chunked",
"content-type": "application/json;odata.metadata=none;odata.streaming=true;IEEE754Compatible=false;charset=utf-8",
"vary": "Accept-Encoding",
"strict-transport-security": "max-age=31536000",
"request-id": "0590a8a1-4401-4af4-a146-a71899d270f4",
"client-request-id": "0590a8a1-4401-4af4-a146-a71899d270f4",
"x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"004\",\"RoleInstance\":\"AM2PEPF0000BE6B\"}}",
"x-ms-resource-unit": "2",
"odata-version": "4.0",
"date": "Tue, 30 Aug 2022 19:40:00 GMT",
"connection": "close"
},
"data": {
"value": [
{
"id": "38b024cf-76a6-48df-83de-d206885fd5d7",
"deletedDateTime": null,
"appId": "4b892a20-df78-4105-81fa-cd7cfa02205f",
"applicationTemplateId": null,
"disabledByMicrosoftStatus": null,
"createdDateTime": "2022-08-30T19:23:54Z",
"displayName": "My awesome app no manifest",
"description": null,
"groupMembershipClaims": null,
"identifierUris": [],
"isDeviceOnlyAuthSupported": null,
"isFallbackPublicClient": null,
"notes": null,
"publisherDomain": "blimped.nl",
"serviceManagementReference": null,
"signInAudience": "AzureADMyOrg",
"tags": [],
"tokenEncryptionKeyId": null,
"samlMetadataUrl": null,
"defaultRedirectUri": null,
"certification": null,
"optionalClaims": null,
"addIns": [],
"api": {
"acceptMappedClaims": null,
"knownClientApplications": [],
"requestedAccessTokenVersion": null,
"oauth2PermissionScopes": [],
"preAuthorizedApplications": []
},
"appRoles": [],
"info": {
"logoUrl": null,
"marketingUrl": null,
"privacyStatementUrl": null,
"supportUrl": null,
"termsOfServiceUrl": null
},
"keyCredentials": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"publicClient": {
"redirectUris": []
},
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "20d37865-089c-4dee-8c41-6967602d4ac8",
"type": "Role"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "883ea226-0bf2-4a8f-9f9d-92c9162a727d",
"type": "Role"
}
]
}
],
"verifiedPublisher": {
"displayName": null,
"verifiedPublisherId": null,
"addedDateTime": null
},
"web": {
"homePageUrl": null,
"logoutUrl": null,
"redirectUris": [],
"implicitGrantSettings": {
"enableAccessTokenIssuance": false,
"enableIdTokenIssuance": false
}
},
"spa": {
"redirectUris": []
}
}
]
}
}
Existing access token still valid. Returning...
Request:
{
"url": "https://graph.microsoft.com/v1.0/sites/blimped.sharepoint.com,f0f0506e-99c5-4fc0-83f5-a61cadd60713,35bf8254-4e79-4414-b8c9-b9906368aff1/permissions",
"method": "post",
"headers": {
"common": {
"Accept": "application/json, text/plain, */*"
},
"delete": {},
"get": {},
"head": {},
"post": {
"Content-Type": "application/x-www-form-urlencoded"
},
"put": {
"Content-Type": "application/x-www-form-urlencoded"
},
"patch": {
"Content-Type": "application/x-www-form-urlencoded"
},
"user-agent": "NONISV|SharePointPnP|CLIMicrosoft365/5.8.0",
"accept-encoding": "gzip, deflate",
"accept": "application/json;odata.metadata=none",
"content-type": "application/json;odata=nometadata",
"authorization": "Bearer "
},
"responseType": "json",
"decompress": true,
"data": {
"roles": [
"owner"
],
"grantedToIdentities": [
{
"application": {
"id": "4b892a20-df78-4105-81fa-cd7cfa02205f",
"displayName": "My awesome app no manifest"
}
}
]
}
}
Request error:
{
"url": "https://graph.microsoft.com/v1.0/sites/blimped.sharepoint.com,f0f0506e-99c5-4fc0-83f5-a61cadd60713,35bf8254-4e79-4414-b8c9-b9906368aff1/permissions",
"status": 400,
"statusText": "Bad Request",
"headers": {
"cache-control": "no-store, no-cache",
"transfer-encoding": "chunked",
"content-type": "application/json",
"vary": "Accept-Encoding",
"strict-transport-security": "max-age=31536000",
"request-id": "fecd7060-429f-453b-a10d-af82632a262c",
"client-request-id": "fecd7060-429f-453b-a10d-af82632a262c",
"x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West Europe\",\"Slice\":\"E\",\"Ring\":\"5\",\"ScaleUnit\":\"004\",\"RoleInstance\":\"AM2PEPF0000BE3B\"}}",
"link": "<https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=v1.0,Removal&from=2021-09-01&to=2021-10-01>;rel=\"deprecation\";type=\"text/html\", <https://developer.microsoft-tst.com/en-us/graph/changes?$filterby=v1.0,Removal&from=2021-09-01&to=2021-10-01>;rel=\"deprecation\";type=\"text/html\"",
"deprecation": "Fri, 03 Sep 2021 23:59:59 GMT",
"sunset": "Sun, 03 Sep 2023 23:59:59 GMT",
"date": "Tue, 30 Aug 2022 19:40:00 GMT",
"connection": "close"
},
"error": {
"error": {
"code": "invalidRequest",
"message": "Invalid value for role",
"innerError": {
"date": "2022-08-30T19:40:01",
"request-id": "fecd7060-429f-453b-a10d-af82632a262c",
"client-request-id": "fecd7060-429f-453b-a10d-af82632a262c"
}
}
}
}
{
"os": {
"platform": "linux",
"version": "#1 SMP Wed Mar 2 00:30:59 UTC 2022",
"release": "5.10.102.1-microsoft-standard-WSL2"
},
"cliVersion": "5.8.0",
"nodeVersion": "v16.15.0",
"cliAadAppId": "31359c7f-bd7e-475c-86db-fdb8c937548e",
"cliAadAppTenant": "common",
"authMode": "DeviceCode",
"cliEnvironment": "",
"cliConfig": {},
"roles": [],
"scopes": [
"AllSites.FullControl",
"AppCatalog.ReadWrite.All",
"AuditLog.Read.All",
"Bookings.Read.All",
"ChannelMember.ReadWrite.All",
"ChannelMessage.Read.All",
"ChannelMessage.Send",
"ChannelSettings.ReadWrite.All",
"Chat.Read",
"Chat.ReadWrite",
"Directory.AccessAsUser.All",
"Directory.ReadWrite.All",
"ExternalConnection.ReadWrite.All",
"Group.ReadWrite.All",
"IdentityProvider.ReadWrite.All",
"Mail.ReadWrite",
"Mail.Send",
"Notes.Read.All",
"Place.Read.All",
"Policy.Read.All",
"Reports.Read.All",
"SecurityEvents.Read.All",
"ServiceHealth.Read.All",
"ServiceMessage.Read.All",
"ServiceMessageViewpoint.Write",
"Tasks.ReadWrite",
"Team.Create",
"TeamMember.ReadWrite.All",
"TeamsApp.ReadWrite.All",
"TeamsAppInstallation.ReadWriteForUser",
"TeamSettings.ReadWrite.All",
"TeamsTab.ReadWrite.All",
"TermStore.ReadWrite.All",
"User.Invite.All",
"User.ReadWrite.All",
"profile",
"openid",
"email",
"AllSites.FullControl",
"AppCatalog.ReadWrite.All",
"AuditLog.Read.All",
"ChannelMember.ReadWrite.All",
"ChannelMessage.Read.All",
"ChannelMessage.Send",
"ChannelSettings.ReadWrite.All",
"Chat.Read",
"Chat.ReadWrite",
"Directory.AccessAsUser.All",
"Directory.ReadWrite.All",
"Group.ReadWrite.All",
"IdentityProvider.ReadWrite.All",
"Mail.ReadWrite",
"Mail.Send",
"Place.Read.All",
"Policy.Read.All",
"Reports.Read.All",
"SecurityEvents.Read.All",
"ServiceHealth.Read.All",
"ServiceMessage.Read.All",
"ServiceMessageViewpoint.Write",
"Tasks.ReadWrite",
"Team.Create",
"TeamMember.ReadWrite.All",
"TeamsApp.ReadWrite.All",
"TeamsAppInstallation.ReadWriteForUser",
"TeamSettings.ReadWrite.All",
"TeamsTab.ReadWrite.All",
"TermStore.ReadWrite.All",
"User.Invite.All",
"User.ReadWrite.All",
"AllSites.FullControl",
"AppCatalog.ReadWrite.All",
"AuditLog.Read.All",
"ChannelMember.ReadWrite.All",
"ChannelMessage.Read.All",
"ChannelMessage.Send",
"ChannelSettings.ReadWrite.All",
"Chat.Read",
"Chat.ReadWrite",
"Directory.AccessAsUser.All",
"Directory.ReadWrite.All",
"Group.ReadWrite.All",
"IdentityProvider.ReadWrite.All",
"Mail.ReadWrite",
"Mail.Send",
"Place.Read.All",
"Policy.Read.All",
"Reports.Read.All",
"SecurityEvents.Read.All",
"ServiceHealth.Read.All",
"ServiceMessage.Read.All",
"ServiceMessageViewpoint.Write",
"Tasks.ReadWrite",
"Team.Create",
"TeamMember.ReadWrite.All",
"TeamsApp.ReadWrite.All",
"TeamsAppInstallation.ReadWriteForUser",
"TeamSettings.ReadWrite.All",
"TeamsTab.ReadWrite.All",
"TermStore.ReadWrite.All",
"User.Invite.All",
"User.ReadWrite.All"
]
}
Description
The docs for
spo site apppermission addandspo site apppermission setspeak about being able to set owner permissionshttps://pnp.github.io/cli-microsoft365/cmd/spo/site/site-apppermission-add/
https://pnp.github.io/cli-microsoft365/cmd/spo/site/site-apppermission-set/
But I get exceptions when trying.
Steps to reproduce
Create an app:
Assign that app read or write permissions works:
Assigning that app owner permissions throws an error
Error: Invalid value for role:Updating read/write permissions to owner permissions throws an error
Error: Invalid request:Expected results
Owner permissions should be assigned as described.
Actual results
The command throws an error
Diagnostics
CLI for Microsoft 365 version
5.7.0
nodejs version
16.15.0
Operating system (environment)
Linux
Shell
zsh
cli doctor
{ "os": { "platform": "linux", "version": "#1 SMP Wed Mar 2 00:30:59 UTC 2022", "release": "5.10.102.1-microsoft-standard-WSL2" }, "cliVersion": "5.8.0", "nodeVersion": "v16.15.0", "cliAadAppId": "31359c7f-bd7e-475c-86db-fdb8c937548e", "cliAadAppTenant": "common", "authMode": "DeviceCode", "cliEnvironment": "", "cliConfig": {}, "roles": [], "scopes": [ "AllSites.FullControl", "AppCatalog.ReadWrite.All", "AuditLog.Read.All", "Bookings.Read.All", "ChannelMember.ReadWrite.All", "ChannelMessage.Read.All", "ChannelMessage.Send", "ChannelSettings.ReadWrite.All", "Chat.Read", "Chat.ReadWrite", "Directory.AccessAsUser.All", "Directory.ReadWrite.All", "ExternalConnection.ReadWrite.All", "Group.ReadWrite.All", "IdentityProvider.ReadWrite.All", "Mail.ReadWrite", "Mail.Send", "Notes.Read.All", "Place.Read.All", "Policy.Read.All", "Reports.Read.All", "SecurityEvents.Read.All", "ServiceHealth.Read.All", "ServiceMessage.Read.All", "ServiceMessageViewpoint.Write", "Tasks.ReadWrite", "Team.Create", "TeamMember.ReadWrite.All", "TeamsApp.ReadWrite.All", "TeamsAppInstallation.ReadWriteForUser", "TeamSettings.ReadWrite.All", "TeamsTab.ReadWrite.All", "TermStore.ReadWrite.All", "User.Invite.All", "User.ReadWrite.All", "profile", "openid", "email", "AllSites.FullControl", "AppCatalog.ReadWrite.All", "AuditLog.Read.All", "ChannelMember.ReadWrite.All", "ChannelMessage.Read.All", "ChannelMessage.Send", "ChannelSettings.ReadWrite.All", "Chat.Read", "Chat.ReadWrite", "Directory.AccessAsUser.All", "Directory.ReadWrite.All", "Group.ReadWrite.All", "IdentityProvider.ReadWrite.All", "Mail.ReadWrite", "Mail.Send", "Place.Read.All", "Policy.Read.All", "Reports.Read.All", "SecurityEvents.Read.All", "ServiceHealth.Read.All", "ServiceMessage.Read.All", "ServiceMessageViewpoint.Write", "Tasks.ReadWrite", "Team.Create", "TeamMember.ReadWrite.All", "TeamsApp.ReadWrite.All", "TeamsAppInstallation.ReadWriteForUser", "TeamSettings.ReadWrite.All", "TeamsTab.ReadWrite.All", "TermStore.ReadWrite.All", "User.Invite.All", "User.ReadWrite.All", "AllSites.FullControl", "AppCatalog.ReadWrite.All", "AuditLog.Read.All", "ChannelMember.ReadWrite.All", "ChannelMessage.Read.All", "ChannelMessage.Send", "ChannelSettings.ReadWrite.All", "Chat.Read", "Chat.ReadWrite", "Directory.AccessAsUser.All", "Directory.ReadWrite.All", "Group.ReadWrite.All", "IdentityProvider.ReadWrite.All", "Mail.ReadWrite", "Mail.Send", "Place.Read.All", "Policy.Read.All", "Reports.Read.All", "SecurityEvents.Read.All", "ServiceHealth.Read.All", "ServiceMessage.Read.All", "ServiceMessageViewpoint.Write", "Tasks.ReadWrite", "Team.Create", "TeamMember.ReadWrite.All", "TeamsApp.ReadWrite.All", "TeamsAppInstallation.ReadWriteForUser", "TeamSettings.ReadWrite.All", "TeamsTab.ReadWrite.All", "TermStore.ReadWrite.All", "User.Invite.All", "User.ReadWrite.All" ] }Additional Info
It may be an issue with the Graph:
https://docs.microsoft.com/en-us/answers/questions/802411/issue-with-selectedsites-and-34owner34-role-sharep.html
It should be possible though:
https://docs.microsoft.com/en-us/graph/api/resources/permission?view=graph-rest-1.0#roles-property-values