johnjohn-Peter
Iron Contributor
Joined 2 years ago
Recent Discussions
Create a file using SharePoint rest api will create a corrupted file
I have this formula to send multiple files from Power Apps to Power Automate:-

    ClearCollect( i, 0 );
    ForAll(
        AttachFiles.Attachments As d,
        If(
            AddandRenameFile.Run(
                ClientDropdown.Selected.Value,
                MainCategoryDropdown.Selected.Title,
                SubCategoryComboboxCanvas.Selected.Title & (If( Last(i).Value = 0, "", Last(i).Value )),
                MainFolderDropdown.Selected.Value,
                d.Name,
                { name: d.Name, contentBytes: d.Value }
            ).result = "Error",
            Notify("Error uploading file " & d.Name & ". Check if the file name already exsists.", NotificationType.Error),
            Notify("The File '" & d.Name & "' uploaded and renamed successfully.", NotificationType.Success, 10000)
        );
        Collect( i, Last(i).Value + 1 )
    )

Here is the flow:-

Now the files will be added to SharePoint, but when I tried to open an image I will get this error:- and when I try to open a PDF I will get white pages without any content. Any advice?

32 Views, 0 likes, 0 Comments

The requesting principal is not authorized to set group preferred data location
We have our tenant with 4 Geo locations. And inside a Power Automate flow I am sending this Graph API call to create a new security group under a specific Geo location:-

but I am getting this error:-

The requesting principal is not authorized to set group preferred data location.

Now if I remove this parameter:- "preferredDataLocation": "AUS", the Office 365 group will get created under the default location, but I need to add it to the specific location. The service account running the Graph API call has SharePoint, group and Teams admin permissions. Any advice? Thanks

40 Views, 0 likes, 0 Comments

Creating a Project through Graph API "msdyn_CreateProjectV1"
I want to create a new Project Online plan using Microsoft Graph API, so I used this endpoint and action inside my flow:-

Now the action will run successfully, and it should have created a new Project with subject = "Subject Test from automate", as follows:-

but I can not find the new project inside the UI:-

Any advice?

64 Views, 0 likes, 1 Comment

Failed-Delete Message: Initiator (8:orgid:**) is not allowed to delete message
I am trying to delete a message inside a Teams channel using Graph API; the chat was generated using a Copilot agent. Now I used this action to do the delete:- and this endpoint:-

POST /teams/{teamsId}/channels/{channelId}/messages/{chatMessageId}/softDelete

but we got this error message:-

AclCheckFailed-Delete Message: Initiator (8:orgid:68******3ca) is not allowed to delete message

Although the user who runs the flow is a Teams owner + we have this setting enabled to allow owners to delete messages:-

Any advice? Thanks

Can we customize; Create a Premium Planner, Bucket and Tasks using Graph api
I have the following 3 Graph API calls to create a standard planner, then a bucket inside it and its tasks:-

This is working for the standard planner, but I am not sure how to do the same for the premium planner? Thanks

69 Views, 1 like, 1 Comment

Creating an Office 365 group and SharePoint modern did not create a planner
I created an Office 365 group and a SharePoint modern Team site, but none of them created a new plan inside the Planner, unless I manually do this and link the plan to the existing group. So can we automate this process, so that when an Office 365 group is created a new planner is created behind the scenes? Thanks

Solved, 76 Views, 0 likes, 1 Comment

Re: Questions about Copilot Agents created using copilot studio, that use SharePoint & data-verse
peterfoster Thanks for the reply.

A1) So for SharePoint, Copilot uses the classic search index to find info?
A2) No, on the same source such as a SharePoint site, we can get different answers if we ask the same question twice, and most of the time the second answer will be more accurate.
A3) Clear, thanks.
A4) So even if we correct the agent, it will not learn from our feedback, is this what you mean?

164 Views, 0 likes, 0 Comments

Questions about Copilot Agents created using copilot studio, that use SharePoint & data-verse
I have developed many Copilot agents using Copilot Studio, which have SharePoint sites and Dataverse tables as their source, but I have those questions that I can not find clear answers to:-

1- Is there an order to how knowledge sources are indexed by a Copilot agent? And if the source is SharePoint, does Copilot use the classic SharePoint search?
2- Why do we sometimes get inconsistent answers when asking the same questions?
3- Is there a way to integrate a PowerBI list instead of a SharePoint list?
4- Can the agent learn through user interaction? Does generative AI need to be turned on for this to occur? In other words, if we have the same source, should we expect the same Copilot agent to provide more clear answers in the future, due to improvement to the underlying AI algorithms?

Thanks

SharePoint Online REST API using Azure Function Managed Identity
I have created an Azure Function which uses .NET Core 8.0, and I enabled its managed identity:-

Also I accessed the Azure Function from "Enterprise Application", and I copied its AppID:-

Then I ran those commands as per this official documentation from Microsoft @ https://learn.microsoft.com/en-us/sharepoint/dev/apis/webhooks/sharepoint-webhooks-using-azd-template#grant-the-function-app-access-to-sharepoint-online :-

    # This script requires the modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns, which can be installed with the cmdlet Install-Module below:
    # Install-Module Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns -Scope CurrentUser -Repository PSGallery -Force
    Connect-MgGraph -Scope "Application.Read.All", "AppRoleAssignment.ReadWrite.All"
    $managedIdentityObjectId = "******" # 'Object (principal) ID' of the managed identity
    $scopeName = "Sites.Selected"
    $resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'" # SPO
    $targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | ? Value -eq $scopeName
    $appRoleAssignment = @{
        "principalId" = $managedIdentityObjectId
        "resourceId" = $resourceAppPrincipalObj.Id
        "appRoleId" = $targetAppPrincipalAppRole.Id
    }
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityObjectId -BodyParameter $appRoleAssignment | Format-List

and this command, on the Analytics site:-

    Connect-PnPOnline -Url "https://YOUR_SHAREPOINT_TENANT_PREFIX.sharepoint.com/sites/analytics" -Interactive -ClientId "YOUR_PNP_APP_CLIENT_ID"
    Grant-PnPAzureADAppSitePermission -AppId "****" -DisplayName "YOUR_FUNC_APP_NAME" -Permissions Manage

Everything went well, then I verified the above for the Analytics site, as follows:-

Here is my code inside the Azure Function, to get the items inside a list named "Call Transfer Log Data":-

    accessToken = await GetJwtTokenUsingSystemManagedIdentity();
    try
    {
        string siteUrl = "https://***.sharepoint.com/sites/analytics";
        string listName = "Call Transfer Log Data";
        string tenant = "****";
        string site = "analytics";
        string listTitle = "Call Transfer Log Data";
        siteUrl = $"https://{tenant}.sharepoint.com/sites/{site}";
        string apiBaseUrl = $"{siteUrl}/_api/web/lists/GetByTitle('{listTitle}')/items";
        var httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        httpClient.DefaultRequestHeaders.Accept.ParseAdd("application/json;odata=verbose");
        string filterDate = DateTime.UtcNow.AddDays(-120).ToString("yyyy-MM-ddTHH:mm:ssZ");
        string requestUrl = $"{apiBaseUrl}?$filter=Modified ge datetime'{filterDate}'&$top=100&$orderby=Modified desc";
        bool hasMore = true;
        int page = 1;
        List<CallTransferLogData> responseContent = new List<CallTransferLogData>();
        while (hasMore)
        {
            Console.WriteLine($"Fetching page {page}...");
            var request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
            var response = await httpClient.SendAsync(request);
            Console.WriteLine("Raw response ");
            Console.WriteLine(response);
            string content = await response.Content.ReadAsStringAsync();
            using JsonDocument doc = JsonDocument.Parse(content);
            Console.WriteLine($"Parse doc {page}...");
            Console.WriteLine("Raw response content:");
            Console.WriteLine(content);
            var root = doc.RootElement.GetProperty("d");
            Console.WriteLine($"Building Root {page}...");
            // Process results
            foreach (var item in root.GetProperty("results").EnumerateArray())
            {
                //code goes here;;
    }//end of try

    private static async Task<string> GetJwtTokenUsingSystemManagedIdentity()
    {
        string resource = "https://****.sharepoint.com/.default";
        var credential = new DefaultAzureCredential();
        var tokenRequestContext = new TokenRequestContext(new[] { resource });
        var token = await credential.GetTokenAsync(tokenRequestContext);
        Console.WriteLine("Toekn is " + token.Token) ;
        return token.Token;
    }

but the content will be {"error_description":"ID3035: The request was not valid or is malformed."}

The full response will be:-

    2025-04-22T16:31:38Z [Information] StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
    2025-04-22T16:31:38Z [Information] {
    2025-04-22T16:31:38Z [Information] Cache-Control: private
    2025-04-22T16:31:38Z [Information] Server: Microsoft-IIS/10.0
    2025-04-22T16:31:38Z [Information] X-NetworkStatistics: 0,********0
    2025-04-22T16:31:38Z [Information] x-ms-diagnostics: 3001000;reason="There has been an error authenticating the request.";category="invalid_client"
    2025-04-22T16:31:38Z [Information] IsOCDI: 0
    2025-04-22T16:31:38Z [Information] X-DataBoundary: NONE
    2025-04-22T16:31:38Z [Information] X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
    2025-04-22T16:31:38Z [Information] X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
    2025-04-22T16:31:38Z [Information] SPRequestGuid: 4***2
    2025-04-22T16:31:38Z [Information] request-id: 4***2
    2025-04-22T16:31:38Z [Information] MS-CV: o****/Q8g.0
    2025-04-22T16:31:38Z [Information] SPRequestDuration: 56
    2025-04-22T16:31:38Z [Information] SPIisLatency: 2
    2025-04-22T16:31:38Z [Information] X-Powered-By: ASP.NET
    2025-04-22T16:31:38Z [Information] MicrosoftSharePointTeamServices: 16.0.0.26002
    2025-04-22T16:31:38Z [Information] X-Content-Type-Options: nosniff
    2025-04-22T16:31:38Z [Information] X-MS-InvokeApp: 1; RequireReadOnly
    2025-04-22T16:31:38Z [Information] P3P: CP="ALL ****"
    2025-04-22T16:31:38Z [Information] WWW-Authenticate: Bearer realm="e****20",client_id="00000003-******00-000000000000",trusted_issuers="00000001-0000-0000-c000-000000000000@*,D****@*,https://sts.windows.net/*/,https://login.microsoftonline.com/*/v2.0,00000003-0000-0ff1-ce00-000000000000@***b",authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize"
    2025-04-22T16:31:38Z [Information] Date: Tue, 22 Apr 2025 16:31:36 GMT
    2025-04-22T16:31:38Z [Information] Content-Length: 74
    2025-04-22T16:31:38Z [Information] }

Also when I decode the token, I got those valid claims for all the properties.. So why is the code not working? Thanks

109 Views, 0 likes, 0 Comments

Azure Function managed identity is raising this error "Access Denied"
We have an Azure Function on .NET 8.0, and we enabled the managed identity of the Azure Function. Then we ran those commands as per this official MS link https://learn.microsoft.com/en-us/sharepoint/dev/apis/webhooks/sharepoint-webhooks-using-azd-template#grant-the-function-app-access-to-sharepoint-online:-

PowerShell command:

    # This script requires the modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns, which can be installed with the cmdlet Install-Module below:
    # Install-Module Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns -Scope CurrentUser -Repository PSGallery -Force
    Connect-MgGraph -Scope "Application.Read.All", "AppRoleAssignment.ReadWrite.All"
    $managedIdentityObjectId = "d3e8dc41-94f2-4b0f-82ff-ed03c363f0f8" # 'Object (principal) ID' of the managed identity
    $scopeName = "Sites.Selected"
    $resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'" # SPO
    $targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | ? Value -eq $scopeName
    $appRoleAssignment = @{
        "principalId" = $managedIdentityObjectId
        "resourceId" = $resourceAppPrincipalObj.Id
        "appRoleId" = $targetAppPrincipalAppRole.Id
    }
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityObjectId -BodyParameter $appRoleAssignment | Format-List

And this PnP command:

    Connect-PnPOnline -Url "https://YOUR_SHAREPOINT_TENANT_PREFIX.sharepoint.com/sites/YOUR_SHAREPOINT_SITE_NAME" -Interactive -ClientId "YOUR_PNP_APP_CLIENT_ID"
    Grant-PnPAzureADAppSitePermission -AppId "3150363e-afbe-421f-9785-9d5404c5ae34" -DisplayName "YOUR_FUNC_APP_NAME" -Permissions Manage

Here is the code for the Azure Function, which uses the logged-in user credential if I am inside the development machine and uses the Azure Function managed identity on the hosted app:

    if (Environment.GetEnvironmentVariable("AZURE_FUNCTIONS_ENVIRONMENT") == "Development")
    {
        var credential = new InteractiveBrowserCredential(); // or AzureCliCredential
        graphClient = new GraphServiceClient(credential);
    }
    else
    {
        var credential = new DefaultAzureCredential(); // Managed Identity
        graphClient = new GraphServiceClient(credential);
        var token = await new DefaultAzureCredential().GetTokenAsync(
            new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" })
        );
        _logger.LogInformation("Token acquired: " + token.Token.Substring(0, 20) + "...");
    }

    //Call to get the "Call Transfer Log Data" sharepoint list data
    try
    {
        var sitePath = "e**87";
        var listId = "6****";
        var allItems = new List<ListItem>();
        // Initial page request with Expand = fields
        var page = await graphClient
            .Sites[sitePath]
            .Lists[listId]
            .Items
            .GetAsync(config =>
            {
                config.QueryParameters.Top = 100;
                config.QueryParameters.Expand = new string[]{ "fields($select=*)" };
            });
        allItems.AddRange(page?.Value ?? []);
        // code goes here...
    }

Then I verified the setting, but running this command:

    Get-PnPAzureADAppSitePermission -Site "<Site URL>"

I get this result:

    Id : ***...-....
    Roles : {Manage}
    App : Microsoft.Azure.Functions – 3150363e-afbe-421f-9785-9d5404c5ae34

In the development environment, the code is working fine, while in the hosted Azure Function, the code raised an exception: Access Denied

Any advice? It seems I use all the needed settings.

261 Views, 0 likes, 3 Comments

Re: Only allow the creator of the item and the user direct manager to view the submitted item
DJ_Jamba Not sure how this is working for you... but if you do not have full control on the list you will not be able to see any item if the item-level is set to only see and edit your own items, even if you have full control on the item. Are you sure this is working for you? And I agree with you that "Item level permissions supercede".. that's why your scenario will not work.

61 Views, 0 likes, 0 Comments

Re: Only allow the creator of the item and the user direct manager to view the submitted item
DJ_Jamba Are you sure this will work? As if you have these settings:- and you granted the Approver's Approve permission, then Read permission, then the Approver user will not be able to see the item... The above settings for the Item-Level Permissions will only allow the creator of the item + the user with full control ON THE LIST to see the items.. so how come an Approver user (who did not create the item) will be able to see the item??? Are you sure this is working for you?

46 Views, 0 likes, 2 Comments