Remove "Site.FullControl.All" from my Azure App registration, still allow us to access all sites.

Question

I have an Azure App registration, which has 2 permission for SharePoint, as follow:-

Sites.Selected
Sites.FullControl.All

User's image

now i removed the "Sites.FullControl.All" >> but still using the ClientID & the Thumbprint related to this Azure App registration i can access all the sites and view all lists and manage them..

connect-PnPOnline -Url $siteUrl -ClientId $clientId -Thumbprint $certThumbprint -Tenant $tenant

Get-PnPList

so why removing the "Sites/FullControl.All" did not take effect? i did this 1 hour ago.

Thanks

Answer

Hi @john john Pter ,

Thank you for posting in this community.

According to the description of your question, it is true that you should no longer be able to access the site when the clearance is removed, but unfortunately I did not find an answer to this question.

However, I recommend that you remove all permissions and re-add the permissions you kept. Finally, remove the other previous retention permissions. Then see if the problem persists.

1.Delete all permission.

2.Add permissions which you kept.

3.Under Configured permissions click on Grant admin consent for -organization name.

In the panel on the right, select No, remove other granted permissions and click on Grant admin consent at the bottom. In the confirmation dialog that appears, click Yes.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Share via

Remove "Site.FullControl.All" from my Azure App registration, still allow us to access all sites.

1 answer

Your answer