
Commit 2ba6fd3

Add Get, Grant, Set and Revoke cmdlets for EntraID app list permissions
Implements ListItems.SelectedOperations.Selected support via the Microsoft Graph beta API. Lists can be addressed by GUID or display name. Permission roles use the correct list-level values (Read, Write, Owner). Display names are enriched via service principal lookup since the Graph beta API omits them on GET responses. Documentation included.
1 parent fd8e757 commit 2ba6fd3

11 files changed

Lines changed: 1298 additions & 0 deletions
Lines changed: 161 additions & 0 deletions
@@ -0,0 +1,161 @@
1+
---
2+
Module Name: PnP.PowerShell
3+
schema: 2.0.0
4+
applicable: SharePoint Online
5+
online version: https://pnp.github.io/powershell/cmdlets/Get-PnPEntraIDAppListPermission.html
6+
external help file: PnP.PowerShell.dll-Help.xml
7+
title: Get-PnPEntraIDAppListPermission
8+
---
9+
10+
# Get-PnPEntraIDAppListPermission
11+
12+
## SYNOPSIS
13+
14+
**Required Permissions**
15+
16+
* Microsoft Graph API: Sites.ReadWrite.All
17+
18+
Returns Entra ID App permissions for a list.
19+
20+
## SYNTAX
21+
22+
### All Permissions
23+
```powershell
24+
Get-PnPEntraIDAppListPermission -List <String> [-Site <SitePipeBind>] [-Connection <PnPConnection>]
25+
```
26+
27+
### By Permission Id
28+
```powershell
29+
Get-PnPEntraIDAppListPermission -PermissionId <String> -List <String> [-Site <SitePipeBind>] [-Connection <PnPConnection>]
30+
```
31+
32+
### By App Display Name or App Id
33+
```powershell
34+
Get-PnPEntraIDAppListPermission -AppIdentity <String> -List <String> [-Site <SitePipeBind>] [-Connection <PnPConnection>]
35+
```
36+
37+
## DESCRIPTION
38+
39+
This cmdlet returns app permissions for a list in either the current or a given site.
40+
41+
The list can be identified by its GUID or display name.
42+
43+
## EXAMPLES
44+
45+
### EXAMPLE 1
46+
```powershell
47+
Get-PnPEntraIDAppListPermission -List "Documents"
48+
```
49+
50+
Returns all app permissions set on the Documents library of the currently connected site.
51+
52+
### EXAMPLE 2
53+
```powershell
54+
Get-PnPEntraIDAppListPermission -List "Documents" -Site https://contoso.sharepoint.com/sites/projects
55+
```
56+
57+
Returns all app permissions set on the Documents library of the specified site collection.
58+
59+
### EXAMPLE 3
60+
```powershell
61+
Get-PnPEntraIDAppListPermission -List "12345678-1234-1234-1234-123456789012"
62+
```
63+
64+
Returns all app permissions set on the list identified by its GUID.
65+
66+
### EXAMPLE 4
67+
```powershell
68+
Get-PnPEntraIDAppListPermission -List "Documents" -PermissionId aTowaS50fG1zLnNwLmV4dHxlMzhjZmIzMS00
69+
```
70+
71+
Returns the specific permission details for the given permission id on the Documents library.
72+
73+
### EXAMPLE 5
74+
```powershell
75+
Get-PnPEntraIDAppListPermission -List "Documents" -AppIdentity "My App"
76+
```
77+
78+
Returns the specific permission details for the app with the provided display name on the Documents library.
79+
80+
### EXAMPLE 6
81+
```powershell
82+
Get-PnPEntraIDAppListPermission -List "Documents" -AppIdentity "89ea5c94-7736-4e25-95ad-3fa95f62b66e"
83+
```
84+
85+
Returns the specific permission details for the app with the provided app id on the Documents library.
86+
87+
## PARAMETERS
88+
89+
### -AppIdentity
90+
Specify either the display name or the app id (client id) to filter the returned permissions to a specific app.
91+
92+
```yaml
93+
Type: String
94+
Parameter Sets: By App Display Name or App Id
95+
96+
Required: True
97+
Position: Named
98+
Default value: None
99+
Accept pipeline input: False
100+
Accept wildcard characters: False
101+
```
102+
103+
### -Connection
104+
Optional connection to be used by the cmdlet. Retrieve the value for this parameter by either specifying -ReturnConnection on Connect-PnPOnline or by executing Get-PnPConnection.
105+
106+
```yaml
107+
Type: PnPConnection
108+
Parameter Sets: (All)
109+
110+
Required: False
111+
Position: Named
112+
Default value: None
113+
Accept pipeline input: False
114+
Accept wildcard characters: False
115+
```
116+
117+
### -List
118+
The list to retrieve permissions for. Accepts a list GUID or display name.
119+
120+
```yaml
121+
Type: String
122+
Parameter Sets: (All)
123+
124+
Required: True
125+
Position: Named
126+
Default value: None
127+
Accept pipeline input: False
128+
Accept wildcard characters: False
129+
```
130+
131+
### -PermissionId
132+
If specified, the permission with that id will be retrieved.
133+
134+
```yaml
135+
Type: String
136+
Parameter Sets: By Permission Id
137+
138+
Required: True
139+
Position: Named
140+
Default value: None
141+
Accept pipeline input: False
142+
Accept wildcard characters: False
143+
```
144+
145+
### -Site
146+
Optional url of a site to retrieve the permissions for. Defaults to the currently connected site.
147+
148+
```yaml
149+
Type: SitePipeBind
150+
Parameter Sets: (All)
151+
152+
Required: False
153+
Position: Named
154+
Default value: Currently connected site
155+
Accept pipeline input: False
156+
Accept wildcard characters: False
157+
```
158+
159+
## RELATED LINKS
160+
161+
[Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)
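Review bot: The SYNOPSIS lists only Microsoft Graph `Sites.ReadWrite.All` under Required Permissions, while the commit message says display names are filled in through a service principal lookup; if that lookup needs its own directory read permission, it should be listed here, together with what the cmdlet returns when the lookup is not permitted. It is also worth stating whether a write-capable scope is really the minimum for a read-only Get cmdlet. In the `-AppIdentity` section, say which display name is matched (the label stored with the permission or the name resolved from Entra ID) and what is returned when more than one app carries that name, and mention in DESCRIPTION that the cmdlet depends on the Graph beta endpoint.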
Lines changed: 144 additions & 0 deletions
@@ -0,0 +1,144 @@
1+
---
2+
Module Name: PnP.PowerShell
3+
schema: 2.0.0
4+
applicable: SharePoint Online
5+
online version: https://pnp.github.io/powershell/cmdlets/Grant-PnPEntraIDAppListPermission.html
6+
external help file: PnP.PowerShell.dll-Help.xml
7+
title: Grant-PnPEntraIDAppListPermission
8+
---
9+
10+
# Grant-PnPEntraIDAppListPermission
11+
12+
## SYNOPSIS
13+
14+
**Required Permissions**
15+
16+
* Microsoft Graph API: Sites.ReadWrite.All
17+
18+
Adds permissions for a given Entra ID application registration on a list.
19+
20+
## SYNTAX
21+
22+
```powershell
23+
Grant-PnPEntraIDAppListPermission -AppId <Guid> -DisplayName <String> -Permissions <Read|Write|Owner> -List <String> [-Site <SitePipeBind>] [-Connection <PnPConnection>]
24+
```
25+
26+
## DESCRIPTION
27+
28+
This cmdlet adds permissions for a given Entra ID application registration on a list.
29+
30+
The list can be identified by its GUID or display name.
31+
32+
## EXAMPLES
33+
34+
### EXAMPLE 1
35+
```powershell
36+
Grant-PnPEntraIDAppListPermission -AppId "aa37b89e-75a7-47e3-bdb6-b763851c61b6" -DisplayName "TestApp" -Permissions Read -List "Documents"
37+
```
38+
39+
Grants the Entra ID application registration Read access on the Documents library of the currently connected site.
40+
41+
### EXAMPLE 2
42+
```powershell
43+
Grant-PnPEntraIDAppListPermission -AppId "aa37b89e-75a7-47e3-bdb6-b763851c61b6" -DisplayName "TestApp" -Permissions Write -List "12345678-1234-1234-1234-123456789012"
44+
```
45+
46+
Grants Write access on the list identified by its GUID in the currently connected site.
47+
48+
### EXAMPLE 3
49+
```powershell
50+
Grant-PnPEntraIDAppListPermission -AppId "aa37b89e-75a7-47e3-bdb6-b763851c61b6" -DisplayName "TestApp" -Permissions Owner -List "Documents" -Site https://contoso.sharepoint.com/sites/projects
51+
```
52+
53+
Grants Owner access on the Documents library of the specified site collection.
54+
55+
## PARAMETERS
56+
57+
### -AppId
58+
The app id (client id) of the Entra ID application registration to grant permission for.
59+
60+
```yaml
61+
Type: Guid
62+
Parameter Sets: (All)
63+
64+
Required: True
65+
Position: Named
66+
Default value: None
67+
Accept pipeline input: False
68+
Accept wildcard characters: False
69+
```
70+
71+
### -Connection
72+
Optional connection to be used by the cmdlet. Retrieve the value for this parameter by either specifying -ReturnConnection on Connect-PnPOnline or by executing Get-PnPConnection.
73+
74+
```yaml
75+
Type: PnPConnection
76+
Parameter Sets: (All)
77+
78+
Required: False
79+
Position: Named
80+
Default value: None
81+
Accept pipeline input: False
82+
Accept wildcard characters: False
83+
```
84+
85+
### -DisplayName
86+
The display name to associate with the permission. Used for visual reference only; does not need to match the application name in Entra ID.
87+
88+
```yaml
89+
Type: String
90+
Parameter Sets: (All)
91+
92+
Required: True
93+
Position: Named
94+
Default value: None
95+
Accept pipeline input: False
96+
Accept wildcard characters: False
97+
```
98+
99+
### -List
100+
The list to grant permissions on. Accepts a list GUID or display name.
101+
102+
```yaml
103+
Type: String
104+
Parameter Sets: (All)
105+
106+
Required: True
107+
Position: Named
108+
Default value: None
109+
Accept pipeline input: False
110+
Accept wildcard characters: False
111+
```
112+
113+
### -Permissions
114+
The permissions to grant for the Entra ID application registration. Can be Read, Write, or Owner.
115+
116+
```yaml
117+
Type: String
118+
Parameter Sets: (All)
119+
120+
Required: True
121+
Accepted values: Read, Write, Owner
122+
Position: Named
123+
Default value: None
124+
Accept pipeline input: False
125+
Accept wildcard characters: False
126+
```
127+
128+
### -Site
129+
Optional url of a site to grant the permissions on. Defaults to the currently connected site.
130+
131+
```yaml
132+
Type: SitePipeBind
133+
Parameter Sets: (All)
134+
135+
Required: False
136+
Position: Named
137+
Default value: Currently connected site
138+
Accept pipeline input: False
139+
Accept wildcard characters: False
140+
```
141+
142+
## RELATED LINKS
143+
144+
[Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp)
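Review bot: In the `-DisplayName` parameter section the value is required yet described as "Used for visual reference only; does not need to match the application name in Entra ID", so a grant can carry a label unrelated to the app that `-AppId` actually authorizes. Suggest stating that `-AppId` is the authoritative identifier and that the label should not be relied on when reviewing grants, or making the parameter optional, given that the commit message says names are resolved by service principal lookup on read. The `-Permissions` section should also say what Read, Write and Owner each allow on the list, and DESCRIPTION should say what happens when the app already holds a permission on that list (an error, a second entry, or a pointer to the Set cmdlet this commit adds).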
