This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 15%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
I have this App registration with Site.Selected:-
now i want to define the sites for the above "Sites.Selected", so i tried the following:-
$siteUrl = "https://*.sharepoint.com/sites/integration-prod"
$clientId = "2**0a"
$certThumbprint = "7**EA"
$tenant = "**.onmicrosoft.com"
Connect-PnPOnline -Url $siteUrl -ClientId $clientId -Thumbprint $certThumbprint -Tenant $tenant
$writeperm = Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $siteUrl -AppId $clientId -DisplayName "SPGPIntegration-Test"
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity $clientId
Set-PnPAzureADAppSitePermission -Site $siteurl -PermissionId $(($PermissionId).Id) -Permissions "FullControl"
but i got these errors:-
PS C:\Users\mohan> $writeperm = Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $siteUrl -AppId $clientId -DisplayName "SPGPIntegration-Test"
Grant-PnPAzureADAppSitePermission: {"error":{"code":"AccessDenied","message":"Either scp or roles claim need to be present in the token.","innerError":{"date":"2024-09-17T14:01:55","request-id":"38072694-80cf-4235-9b4c-3d0335ee72ff","client-request-id":"38072694-80cf-4235-9b4c-3d0335ee72ff"}}}
PS C:\Users\mohan>
PS C:\Users\mohan> $PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity $clientId
Get-PnPAzureADAppSitePermission: Forbidden (403): Either scp or roles claim need to be present in the token.
PS C:\Users\mohan>
PS C:\Users\mohan> Set-PnPAzureADAppSitePermission -Site $siteurl -PermissionId $(($PermissionId).Id) -Permissions "FullControl"
Set-PnPAzureADAppSitePermission: Cannot validate argument on parameter 'PermissionId'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
any advice on this please?
Thanks
Are you trying to authenticate via the application shown on the first screenshot? This will not work, as you need the Sites.FullControl.All for this operation.
@Vasil Michev Yes, now i tried with an App Registration which have full control but got the exact error , here what i tried, so i have 2 client IDs (one for the App registration with full control , while the other for the App registration which have Site.Selected), as mentioned in the description:-
$siteUrl = "https://*****"
$clientId = "Client ID For the App Registration which have full control"
$certThumbprint = "Thumbprint For the App Registration which have full control"
$tenant = "****.onmicrosoft.com"
connect-PnPOnline -Url $siteUrl -ClientId $clientId -Thumbprint $certThumbprint -Tenant $tenant
$writeperm = Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $siteUrl -AppId "Client ID For the App Registration which have Sites.Seleced" -DisplayName "SPGPIntegration-Test"
$PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity "Client ID For the App Registration which have Sites.Seleced""
Set-PnPAzureADAppSitePermission -Site $siteurl -PermissionId $(($PermissionId).Id) -Permissions "FullControl"
but still the same error
@Vasil Michev any further advice? Thanks