Revoke-PnPTenantServicePrincipalPermission

Tip

We encourage you to make improvements to this documentation. Please navigate to https://github.com/pnp/powershell/blob/dev/documentation/Revoke-PnPTenantServicePrincipalPermission.md to change this file.

Required Permissions

  • SharePoint: Access to the SharePoint Tenant Administration site
  • Microsoft Graph API : Directory.ReadWrite.All

Revokes a permission that was previously granted to the "SharePoint Online Client Extensibility Web Application Service Principal" service principal.

Syntax

Revoke-PnPTenantServicePrincipalPermission
      -Scope <String>
      [-Resource <String>]
      [-Force]
      [-Connection <PnPConnection>]
      [<CommonParameters>]

Description

Revokes a permission that was previously granted to the "SharePoint Online Client Extensibility Web Application Service Principal" service principal.

Examples

EXAMPLE 1

Revoke-PnPTenantServicePrincipalPermission -Scope "Group.Read.All"

Removes the Group.Read.All permission scope from the service principal.

Parameters

-Connection

Optional connection to be used by the cmdlet. Retrieve the value for this parameter by either specifying -ReturnConnection on Connect-PnPOnline or by executing Get-PnPConnection.

Type:PnPConnection
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Force

Specifying the Force parameter will skip the confirmation question.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Resource

The resource to grant the permission for. Defaults to "Microsoft Graph"

Type:String
Position:Named
Default value:Microsoft Graph
Accept pipeline input:False
Accept wildcard characters:False
-Scope

The scope to grant the permission for

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False