Forum Discussion

Magnus_Jansson_1's avatar
Magnus_Jansson_1
Copper Contributor
Apr 16, 2018

is permissions for sharing a site via ShareSite changed

Hi!

I have a SharePoint app that tries to invite people to a site via the PnP ShareSite method.

 

About a month ago the app stopped working and now I see that I get a StatusCode of Access Denied when I try to share even though the app has full Control.

APIs
developer
PnP
  • Deleted's avatar
    Deleted
    Apr 17, 2018

    Are you trying to share with external users? Can you please provide some screenshots

     

    There is Service Advisory in O365 Admin Center for External Sharing access errors.

    • Bart Kapitein's avatar
      Bart Kapitein
      Copper Contributor
      Aug 29, 2018

      We are having exactly the same issue. Sharing a site using a ClientContext with App Only credentials was working before, but now we receive errors.

       

      When sharing a site using a ClientContext that has authenticated with SharePointOnlineCredentials the sharing succeeds. Using the same code but a ClientContext that has authenticated with App Only credentials the sharing fails with error message: 'The user has insufficient permissions to create an invitation'. The app has tenant full control permissions.

       

      I think the SharePoint Online Sharing API has changed and the change is causing this issue now.

      • nguyentoan's avatar
        nguyentoan
        Copper Contributor
        Apr 02, 2019
        Hi Bart Kapitein,
        Did you have a solution to work with App Only Authentication? I have the same issue as well.
    • nguyentoan's avatar
      nguyentoan
      Copper Contributor
      Apr 07, 2019
      I did a workaround solution for this issue by 2 steps. Firstly, I invite external users to AD as guest via a graph api. Secondly, I share the site using PnP library.
  • Derek Gusoff's avatar
    Derek Gusoff
    Brass Contributor
    Oct 09, 2019

    I'm seeing this now as well, and maybe I can provide some additional context. I'm inviting external users via app-only context. This used to work, and now it does not.

     

    I believe it has something to do with classic versus Modern sites. I have a tenant where app-only invitations still work on classic team sites but fail on Modern sites. Tenant and site settings are configured to allow sharing to existing and new external users. I have another newer tenant, where the functionality is disabled altogether. 

     

    I'm running: 

     

    var group = ctx.Web.SiteGroups.GetByName(groupName);
    ctx.Load(group);
    ctx.ExecuteQuery();

    group.InviteExternalUser("user@domain.com", true);
    ctx.ExecuteQuery();

     

    and the code does not throw exceptions but the invite is not sent. Sniffing the traffic with Fiddler I can see:

     

    The user has insufficient permissions to create an invitation

     

    Anybody know what's going on here? Really would like to avoid the Graph workaround if possible.

     

    • StevenDeRoover's avatar
      StevenDeRoover
      Brass Contributor
      Jun 30, 2020

      Is there anyone who has been able to resolve this issue.

       

      We have a provisioning application as well (.NET) which adds a user to a site and group, through .ShareSite(email, group, false).

       

      Sometimes it works, sometimes we get the "The user has insufficient permissions to create an invitation" error.

Resources