I use a runbook with PowerShell 5.1 and the PnP.PowerShell 1.12 framework.
I create a SharePoint site automatically with a managed identity. Everything works fine until I try to apply the design which I have created before. I always get the message unauthorized. I don't know where I need to give the managed identity more rights.
I hope you can help.
Here is the code so far:
write-output "Site is not created yet!"
New-PNPSite -Type TeamSiteWithoutMicrosoft365Group -Title $siteTitle -url $siteUrl -Owner "matthias@[tenant].onmicrosoft.com" -Lcid 1033
write-output "The site has been created!"
write-output "Connect to new site $siteTitle"
Connect-PnPOnline -url $siteUrl -ManagedIdentity
Get-PnPContext
write-output "Create Folders"
$Folder100= Add-PNPFolder -Name $folderName100 -Folder $relativFolderPath
$Folder200= Add-PNPFolder -Name $folderName200 -Folder $relativFolderPath
$Folder300= Add-PNPFolder -Name $folderName300 -Folder $relativFolderPath
$Folder900= Add-PNPFolder -Name $folderName900 -Folder $relativFolderPath
#site Design
Add-PnPSiteDesignTask -SiteDesignId eb8c67ca-9342-4821-b0ec-a173cc6481e6
Then in the last step I get the error message: The remote server returned an error: (401) Unauthorized.
To implement the design, you must provide the managed identity the necessary privileges. Refer to MSDoc to apply the required permissions to the managed identity.
Make sure that you are connecting to SharePoint in an administrator mode.
Once you give read/write permissions through the Grant-PnPAzureADAppSitePermission PowerShell command, use Set-PnPAzureADAppSitePermission to give full control permissions. The above steps will give the complete permissions to access SharePoint and implement the site design.
Note: Check the PnP.PowerShell module version. It should be compatible with the PowerShell runtime version of the runbook in Azure Automation (5.1).
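The two-step grant described in the answer above, as an added example that is not code from the answer's author: it creates a site-scoped permission for the managed identity, raises it to full control, and reads it back. The site URL, application ID and display name are placeholders, and the use of `-Interactive` for the administrator sign-in is an assumption.

```powershell
# Added example. All three values below are placeholders, not values from the question.
$siteUrl       = 'https://contoso.sharepoint.com/sites/example'   # placeholder site URL
$identityAppId = '00000000-0000-0000-0000-000000000000'           # placeholder: application (client) ID of the managed identity
$identityName  = 'automation-managed-identity'                    # placeholder display name for the grant

# Sign in as an administrator. This is run by a person, not by the runbook
# under the managed identity (assumption: interactive sign-in is available).
Connect-PnPOnline -Url $siteUrl -Interactive

# Step 1: create the site-scoped grant with write access.
# Site-scoped grants only take effect for an application that holds the
# Sites.Selected application permission.
$grant = Grant-PnPAzureADAppSitePermission `
    -AppId $identityAppId `
    -DisplayName $identityName `
    -Permissions Write `
    -Site $siteUrl

if (-not $grant) {
    throw "No permission object was returned for $siteUrl; nothing to elevate."
}

# Step 2: raise the same grant to full control, using the Id returned by step 1.
Set-PnPAzureADAppSitePermission `
    -PermissionId $grant.Id `
    -Permissions FullControl `
    -Site $siteUrl

# Step 3: read the grant back so the resulting role can be checked and recorded.
Get-PnPAzureADAppSitePermission -Site $siteUrl -PermissionId $grant.Id
```

The grant is limited to the one site passed in `-Site`, so the managed identity gets full control there without a tenant-wide SharePoint permission.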