Error access denied with app-principals in Sharepoint Online

Copper Contributor

To activate an integration between a SAP system and Sharepoint Online, a security entity called SPFacturasSAP has been created, this entity has been created at the client's site and has been given full control permissions at the tenant level:


<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />


however when they try to upload files using this entity the following error is generated:


<?xml version="1.0" encoding="utf-8"?>
<m:error xmlns:m="">
<m:code>-2147024891, System.UnauthorizedAccessException</m:code>
<m:message xml:lang="es-ES">Access denied.</m:message>


the apis that are being used to upload the files are: /_api/Web/GetFolderByServerRelativeUrl('{{file_rel_path}}')/Files/add(url='filename.png',overwrite=true) /_api/web/GetFolderByServerRelativePath (DecodedUrl='{{file_rel_path}}')/Files/AddUsingPath(DecodedUrl='DEMO.pdf',AutoCheckoutOnInvalidData=true)


Is there any additional configuration required?

3 Replies



Make sure that DisableCustomAppAuthentication is set to False. By default in new tenant this setting is set to True,



You can change this setting via SharePoint Online Management Shell


Make sure that once you change this setting at tenant level, it can take up to 24 hours to apply this settings.


Hope it will helpful to you and if so then Please mark my response as Best Response & Like to help others in this community


I checked that this parameter is set to false:

PS C:\WINDOWS\system32> Get-SPOTenant | findstr "DisableCustomAppAuthentication"
DisableCustomAppAuthentication : False
PS C:\WINDOWS\system32>

Thanks & regards.
Is there any other configuration that is necessary so that the access denied error is not generated? It was already verified that the DisableCustomAppAuthentication parameter was set to false.