Issue:
-
We are missing Sites.Selected permissions for a specified webUrl in the greenlist.
Resolution:
These steps require being either a tenant administrator, or a site administrator of the associated site collection.
- Open a PowerShell session. Note these steps may also require you to install Sharepoint PowerShell if the commands error out.
- Run
Connect-PnPOnline -Url $SITE_COLLECTION_URL
For certificate self-serve setup (new flow):
Run
Grant-PnpAzureADAppSitePermission -AppId '$CLIENT_ID' -Site $SITE_COLLECTION_URL -Permissions FullControl
For client secret self-serve setup (old flow):
run
Get-PnPAzureADAppSitePermission -AppIdentity '$CLIENT_ID_FOR_SETUP'
You should expect the output to include
Id : <id>
Roles : {read}
Apps : {ReadPermissions, $CLIENT_ID_FOR_SETUP}
-
If the output does not include the right application ID with ReadPermissions, rerun
Grant-PnpAzureADAppSitePermission -AppId '$CLIENT_ID' -Site $SITE_COLLECTION_URL -Permissions Read
If you are still having difficulty with setup, please reach out to support@glean.com.