Solved

Excel Online connector 'Needs admin approval'

  • 23 February 2023
  • 6 replies
  • 57 views

Hi all,

When using the latest version of the CData Excel Online connector for extracting files from Sharepoint, we get a rather useless message after hitting the button ‘Authorize OAuth’. We are using the OAuth Grant Type ‘CODE’, meaning that we are only going to see the files that the account we are authenticating with can see on Sharepoint. The message we get after authenticating is like this:

 

The message does not tell us what permissions we are missing, the account does have access to Sharepoint. However, it does not have access to the Graph Explorer. What kind of permissions do we need when authenticating this provider with a user account? Does it purely depend on the user account or does the App Registration require permissions as well? If so, which ones?

icon

Best answer by Thomas Lind 24 February 2023, 13:42

View original

6 replies

Userlevel 3
Badge +5

Hi Kaj

I have a section about how my app got set up in my excel online guide.

It did not really work before I got additional rights added, it was pretty much limited to the excel files I had stored in my own onedrive otherwise.

 

Hi Thomas,

I looked at this too but where you get the following image after authorizing OAuth, I get the one I posted previously.

Do you think that it is happening because we use the OAuth Grant Type ‘CODE’? I asked for an admin to sign in with his account but we did not get it working through that way either. It just does not become clear what permissions we need.

Userlevel 3
Badge +5

According to cdata the app needs these rights.
Sites.Read.All, Files.Read, Files.Read.All, Files.Read.Selected, Files.ReadWrite, Files.ReadWrite.All, Files.ReadWrite.AppFolder, Files.ReadWrite.Selected, and offline_access

We do not need to change anything, so I always suggested that the ones about write weren’t set.

The CData documentation says this about the permissions on the App Registration:

 

Since we want to use it with user context, it suffices to add these permissions as delegated right? We do however still get the issue when trying to do the OAuth in TX. Should our user have owner/contributor rights on the Azure App Registration maybe? 

Userlevel 3
Badge +5

Hi Kaj

Yes, it should be with delegated permissions for CODE Grant Type.

I have seen that at times you would still be required to get a admin to authenticate the rights for it to actually give you access. Specifically regarding the Email Notification feature we got.

We indeed needed an admin from the company to log on the TX interface in which we got the message that I shared. After that, we could use the data source actually.

Reply