Error using Sharepoint REST API call to add permissions

Andrew Jones 5 Reputation points
2024-02-07T23:39:30.08+00:00

I have an odd issue. I have an integration that is doing lots of REST calls to SHarePoint all of which work fine, except for 2, setting permissions and creating libaries. The commands I'm using a literally textbook (cut and paste from, and they work OK from Power Automate, but not from my inegration platform (Workato) or PostMan. In both cases I get the error.
{   odata.error: {     code: -2147024891, System.UnauthorizedAccessException,     message: {       lang: en-US,       value: Attempted to perform an unauthorized operation.     }   } }

I get the same responce from both my production SharePoint online instance and my Dev one (the dev is completely vanilla). I get the issue even when using Global Admin who is the site owner and admin.

An example call:

https://s2j6.sharepoint.com/sites/PALWS-HwapuniSouth/_api/web/lists/getbytitle('History')/items(1)/roleassignments/addroleassignment(principalid=13,roledefid=1073741826)

All the scope variables are valid and work fine with other REST commands. I've broken inheritance which is required with this command.

Any ideas?

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,160 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,784 questions
SharePoint Workflow
SharePoint Workflow
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Workflow: An orchestrated and repeatable pattern of business activity, enabling data transformation, service provision, and information retrieval.
545 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. RaytheonXie_MSFT 33,251 Reputation points Microsoft Vendor
    2024-02-08T02:51:18.41+00:00

    Hi @Andrew Jones,

    Per my research, SharePoint rest api does not support "Password Grant Flow". You can either use "Client Credentials Flow" or "Implicit Flow". If you want to allow users to use their username & password, Use implicit flow.

    NOTE: User will always require to sign in to get access token. You can not simply pass username and password with post request.

    Here is the complete guide for configuring azure ad app for implicit flow :

    https://frankchen2016.medium.com/how-to-access-the-spo-rest-api-using-implicit-authentication-flow-40d65750554f

    ---If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.