cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Neville
Level: Powered On

UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

Hi.  What's the missing ingredient in this recipe?

Create a PowerApp for a SharePoint Online (list named "Spotlight") and bypass the horrible-user-experience that prompts the "Almost there..." consent dialog.almostthere.png

 

Used a SharePoint Admin account that is also the "Spotlight" PowerApp Creator, Owner and Publisher...Owner.png

Also ensuring that the account is an o365 Global Admin...GlobalAdmin.png

Also account has a P2 license (just in case)...P2.png

And ensuring account is the PowerApps Environment Admin...

EnvAdmin.png

On a local machine open PowerShell ISE as local admin, and successfully executive and authenitcate using...

Add-PowerAppsAccount

And (double-checking the App ID correct) then execute...

Set-AdminPowerAppApisToBypassConsent -AppName xxxxxxxx-xxxx-xxxx-xxxx-9af945177a94

And it returns this permissions error:

Invoke-WebRequest : {"error":{"code":"EnvironmentAccess","message":"The user with object id 'xxx' in tenant 'xxx' does not have access to permission 'Set PowerApps Connection Direct Consent Bypass' in environment 'xxx'. Error Code: 'UserMissingRequiredPermission'"}}

1 ACCEPTED SOLUTION

Accepted Solutions
Neville
Level: Powered On

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

DON'T USE WINDOWS SERVER!!!

I had overlooked that little admonition in my notes from a year ago.  So on my local local Windows10Enterprise x64 box I opened PowerShell ISE as admin, installed the PowerApps modules, and all subsequent commands succeeded.  That's 24-hours I wish I could have back...

8 REPLIES 8
Super User
Super User

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

The only requirement should be that you are a Global Admin in the Tenant and that the Oauth permissions were created when you setup the app.  I think you should go back and try again, but don't skip the "Almost There..." dialog.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Highlighted
Neville
Level: Powered On

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

Just to clarify... The Admin account has completed the consent dialog, and verified the connection to the SPO-list on Admin profile.  We are seeking now only to bypass consent for the rest of the members of the tenancy.

Neville
Level: Powered On

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

...adding @iAm_ManCat to this thead as he seems very knowledgable in this area of consent-bypass.

we have successfully executed these commands about a year ago, but it was in "default" environment and the platform appears to have changed siginificantly since then

Super User
Super User

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

The only two requirements that should be in play then are that the user running the PowerShell command is a global Admin for the tenant and has a PowerApps P2 license.  I would double check to make sure that you are logged in through PowerApps with credentials that have those requirements fulfilled. I know you said you already checked that, but those are the only requirements for that command.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Neville
Level: Powered On

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

DON'T USE WINDOWS SERVER!!!

I had overlooked that little admonition in my notes from a year ago.  So on my local local Windows10Enterprise x64 box I opened PowerShell ISE as admin, installed the PowerApps modules, and all subsequent commands succeeded.  That's 24-hours I wish I could have back...

Super User
Super User

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

Using Windows server might be to do with your SSO for that server, or the version of PowerShell that it's running, glad you managed to figure it out! Cat Very Happy

 

I've had this issue before when trying to run some commands locally (as it would then SSO as my non-admin user, which does not have global admin rights), so would always do it on my local machine with an elevated PowerShell ISE running under my admin creds.

 

Cheers,

ManCat




Don't forget to 'Mark as Solution' and 'Thumbs Up' those who deserve it!
Super User
Super User

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

Yes, all these PowerShell commands should be run from a client workstation and not a server.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Neville
Level: Powered On

Re: UserMissingRequiredPermission when setting Connection-Direct-Consent-Bypass

@iAm_ManCat : that was precisely my fear! that SSO would require the local-machine-admin be SharePoint-Online-Admin too ( I've learned in the past, as we all probably have, that SSO highjacks even "incognito" browser sessions) 

So I retreated to a remote-desktop-session on a remote-Windows-Server-box where I knew I could operate exclusively as SharePoint-Online-Admin and simultaneous local-admin and not worry about an overlap of session tokens.

Only out of frustration did I finally execute on my local-machine. Even with my local-daily-user-account I only authenticated as the SharePoint-Online-account when prompted by executing the "Add-PowerAppsAccount" command. And it all worked!

So I learned these interesting lessons: TLSmiley Very HappyR : The account running the admin-elevated PowerShell-session locally does NOT need to be the same as the PowerApps-admin account executing the commands in the cloud. (plus, as stated earlier, never use Windows Server for this)

Helpful resources

Announcements
firstImage

PowerApps Monthly Community Call!

Join us next Wednesday for our Demo Extravaganza, October 16, 2019 8am PDT.

firstImage

Microsoft Business Applications Virtual Launch Event

Join us for an in-depth look at the new innovations across Dynamics 365 and the Microsoft Power Platform.

firstImage

Watch Sessions On Demand!

Continue your learning in our online communities.

Power Platform 2019 release wave 2 plan

Power Platform 2019 release wave 2 plan

Features releasing from October 2019 through March 2020

FirstImage

Power Platform World Tour

Coming to a city near you

thirdimage

PowerApps Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

FourthImage

Join PowerApps User Group!!

Connect, share, and learn with your peers year-round

SecondImage

Power Platform Summit North America

Register by September 5 to save $200

Top Kudoed Authors
Users Online
Currently online: 224 members 4,765 guests
Please welcome our newest community members: