This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 17%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Hello everyone,
I'm trying to create a PS script that reads the set permissions of a folder from SharePoint and creates a copy of it with the same rights.
In MS Entra Admin Center, I've created a new app and granted it numerous permissions for testing purposes.
My PS7 script looks like this:
$clientId = "[...]"
$clientSecret = "[...]"#Value, not the ID
$tenantId = "[...]"
$siteUrl = "[...].sharepoint.com/sites/ExterneKundendaten"
$libraryName = "Dokumente"
$folderPath = "_Unsortiert"
try {
$connection = Connect-PnPOnline -Url $siteUrl -ClientId $clientId -ClientSecret $clientSecret Write-Host "Connection successfully established"
}
catch { Write-Host "Connection error: $_"}
I'm getting the following error message:
Connection error: The remote server returned an error: (401) Unauthorized.
For testing, I've also tried the following connection setup:
$clientSecretSecure = ConvertTo-SecureString $clientSecret -AsPlainText -Force
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -ClientSecret $clientSecretSecure
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -ClientSecret $clientSecret
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -ClientSecret $clientSecret -Tenant $tenantId
$clientSecretSecure = ConvertTo-SecureString $clientSecret -AsPlainText -Force
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -ClientSecret $clientSecretSecure -Tenant $tenantId
Unfortunately, all without success.
This is roughly how the later process should be, but it's already stuck at point 1
1. Establish connection to SharePoint Online
2. Define library name and folder path
$libraryName = "Dokumente" # Name of the document library
$folderPath = "_Unsortiert" # Path to the folder
3. Get the list item for the folder
$folderItem = Get-PnPListItem -List $libraryName -FolderServerRelativeUrl "/sites/ExterneKundendaten/$libraryName/$folderPath"
4. Get the role assignments for the folder
$roleAssignments = Get-PnPRoleAssignment -List $libraryName -Identity $folderItem.Id
5. Display permissions
$roleAssignments | Format-Table Principal, RoleDefinitionBindings
6. Disconnect
Disconnect-PnPOnline
PSVersion 7.4.6
PnP.PowerShell 2.12.0
Does anyone have an approach on how I can proceed and/or can someone recommend a good (and current!!) tutorial?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 5%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi @Limosan,
This issue usually occurs you didn't grant correct permission. Please grant the new permission for the app and set correct scope on https://contoso.sharepoint.com/sites/sitename/_layouts/15/appinv.aspx
And the App Permission XML should be like following
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" /> </AppPermissionRequests>
Here is the document for more details
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.