The authentication is successful and we are getting some results but not the Excel files. If we test it with our own (Victa) Sharepoint then we see many results and also Excel files.
Below the screenshots from Victa and the second from our customer.
Results loading from our own Victa Sharepoint (same connector and settings (entra id > app permissions)Same Excel Online connector but configured for the customer in their own Sharepoint.
We cant figure out the difference because we use the same setup (clone) of the Excel Connector. Does the user who is authenticating the connector within TimeXtender need more rights on the Sharepoint side? We already gave for testing the account Owner rights and also added many API Permissions to the app registration.
Hopefully somebody has an idea.
Best answer by rogier.helmus
A few points that might help you:
Please check if the API permissions are granted. I had a client where the API permission were set, but the Excel files weren’t showing. The descriptions state that granting isn’t required for some permissions. However we explicitly granted all permissions we did see the Excel files.
When using the permission sites.selected, I think you have to give the app registration access to the site via the following grant command: https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html . Running this requires Powershell and I think the user running this needs to be admin on the site. The benefit of doing this is that limiting the access to a specific site prevents having access to all Sharepoint sites in the tennant which will make your cybersecurity team very happy. ;-)
if you rApp Registration permissions require Admin consent, have you already granted those? You can check this in the Azure Portal in the App Registration details in Entra. There is also a footnote in Microsoft's documentation that says something like “mixing Delegation and Application permissions may result in difficult to diagnose errors” so try to stay away from mixing both types in your API permissions.
Please check if the API permissions are granted. I had a client where the API permission were set, but the Excel files weren’t showing. The descriptions state that granting isn’t required for some permissions. However we explicitly granted all permissions we did see the Excel files.
When using the permission sites.selected, I think you have to give the app registration access to the site via the following grant command: https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html . Running this requires Powershell and I think the user running this needs to be admin on the site. The benefit of doing this is that limiting the access to a specific site prevents having access to all Sharepoint sites in the tennant which will make your cybersecurity team very happy. ;-)
You can sometimes see it more specifically if you turn on logging while synchronizing. It does GRAPH API calls, so you should be able to locate the URI that is sent to retrieve the file and try it out in Postman, that may explain why.
Besides that I would agree with Rory, it is likely APP permissions. This is also largely dependent on what grant type you are using for this.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.
