Microsoft SharePoint API access denied

0
votes

I'm trying to get RoleDefinitionBindings using REST GET call in python

The problem is that on some calls I get a proper response, i.e,

https://my_company.sharepoint.com/_api/Web/RoleAssignments(25)/RoleDefinitionBindings

but on the other I get 'Access denied'. I.e on

https://my_company.sharepoint.com/sites/Company/_api/Web/RoleAssignments(4)/RoleDefinitionBindings

I get

AccessDeniedError("403: https://my_company.sharepoint.com/sites/Company/_api/Web/RoleAssignments(4)/RoleDefinitionBindings: {'odata.error': {'code': '-2147024891, System.UnauthorizedAccessException', 'message': {'lang': 'en-US', 'value': 'Access denied. You do not have permission to perform this action or access this resource.'}}}")

I can't figure out what is the problem, I'm using all possible scopes for ShapePoint for my App in Active Directory:

    "https://my_company.sharepoint.com/AllSites.FullControl",
    "https://my_company.sharepoint.com/AllSites.Read",
    "https://my_company.sharepoint.com/User.Read.All",
    "https://my_company.sharepoint.com/AllSites.Manage",
    "https://my_company.sharepoint.com/AllSites.Write",
    "https://my_company.sharepoint.com/MyFiles.Read",
    "https://my_company.sharepoint.com/MyFiles.Write",
    "https://my_company.sharepoint.com/Sites.Search.All",
    "https://my_company.sharepoint.com/TermStore.Read.All",
    "https://my_company.sharepoint.com/TermStore.ReadWrite.All",
    "https://my_company.sharepoint.com/User.ReadWrite.All"
1
sharepointsharepoint-api
Does your app account has been added any set of permission at the sharepoint site that you are trying to access?DeividKamui
@DeividKamui Yes - I've given my app all the permissions described aboveAlex L
I meant inside the SharePoint site you need to add the active directory account to the proper permissions group ie: Site Owners, Site MembersDeividKamui
I wasn't aware that I need to do that as well. Thanks! BTW, do you know how to do it?Alex L
You need to ask to your SharePoint admin to add that account in any of the available groups of permissions (full control would be nice if you plan to access any other rest operations like creating libraries or lists). If you are the admin the go to site settings and then site permissions and add your account. If you are still having trouble there are still other options to access SharePoint rest API but You will need to code more.DeividKamui

1 Answers

1
votes

The problem was that I wasn't the Admin on SharePoint site (although I was the admin on Azure AD). Once I added myself as admin to SharePoint, the issue was solved