Forum Discussion
PnP Provisioning for SP2013 - minimal Managed Metadata service permissions?
Jasjit, Pieter, and Ivan - Thanks so much for replying and helping so far!
To rule out the issue with PnP permission vs actual permission, can you create (as an admin) a test list/library with a managed metadata column and then create an item (as test user)? Goal is to check access to the term set via UI.
If this works then the call being made is requiring more permissions than the "read only" despite the read only requirement in this case behind the scenes.
I tried this. Code works fine as farm administrator and through UI as farm administrator.
PS: Out of curiosity, does it work when you give it full permissions?
No, still same error. I tried all permission levels. See below...
You will need to be a term store administrator
Yes, this appears to be my guess. Didn't get to test this yet. Really strange that the PnP and CSOM code needs that high a level of permission just to apply a site template to a sub site. Really looking to see if there's any other way other than granting that high a level of permission to that account.
If you are not using add-in authentication, you don't need any additional configuration to read data from MMS.
Correct, I'm not using add-in authentication. I'm using NTLM/Kerberos. I agree in theory that I "shouldn't" need any additional configuration to read data from MMS... however, the PnP Provisioning engine seems to be trying to write there (even though it's in the same farm and the term groups, term sets, and terms are already there in MMS).
It seems that provisioning engine tries to modify something in MMS. If you apply template to the same site collection where template was extracted from it should not do any changes, so it may be a bug. If you apply template to different site collection, it may try to replicate site collection term group, so you need write permissions in this case.
Yep, understood, and I agree in theory that's what it should be doing... the relationship between site collection term groups and the MMS term groups is not as clear to me. Everything is already in MMS and perfect, yet the PnP provisioning engine is still trying to write there.
Really weird.
If anyone has any other ideas (or runs other tests that I haven't tried yet), let me know. I have elected to temporarily disable the ability for the site template to apply term groups to the newly created site and things are working as of now. However, I suspect I will need it turned on and working in the future. Thanks for any additional research/repro in advance...
- JasjitChopra, Nov 08, 2016, MVP
That explains it for sure - Thanks!
- Alex Randall, Nov 09, 2016, Copper Contributor
Pieter Veenstra - thanks Pieter