From time to time, Support receives tickets about "accessDenied" errors. These errors are usually related to Microsoft SharePoint List and SharePoint Document Library data sources and data destinations that are linked to Microsoft 365 connections.
Error Description
The "accessDenied" error in the portal appears as follows:
These are usually caused by policy or user account changes in the Microsoft Entra (formerly Azure) configuration, resulting in restricted permissions for access to SharePoint objects.
Resolving Microsoft Entra "accessDenied" Errors
Review Microsoft Entra Permissions
First, your IT Team or Microsoft 365 Administrator should review the Microsoft Entra permissions.
In most configurations, a TrueContext Enterprise app will already be added in the Entra configuration, and a user or service account will be associated with the app.
Key Areas to Review:
App Registrations in Microsoft Entra:
- Navigate to Microsoft Entra and select App Registrations.
- Select the TrueContext application which is linked to SharePoint access.
- Select API permissions.
- Confirm the Microsoft Graph service has the permissions in the screenshot below.
Note: The permissions must be granted to the Microsoft Graph service and not just to SharePoint or another app.
User/Service Account and SharePoint Permissions:
If the Microsoft Graph permissions are correct, review the following settings:
- Ensure that the SharePoint Site or Team and the SharePoint List or Document Library can be accessed by the user or service account from the Enterprise app.
- Confirm there are no duplicate user IDs in the SharePoint access levels mentioned above.
For further information, review this Microsoft document on access issues in SharePoint - https://learn.microsoft.com/en-us/sharepoint/troubleshoot/administration/access-denied-or-need-permission-error-sharepoint-online-or-onedrive-for-business
After making permissions changes in Microsoft Entra or SharePoint, in the TrueContext portal, attempt to re-execute a SharePoint destination execution on a submission that is failing with the accessDenied errors. Alternatively, a SharePoint data source can be manually fetched as well.
Resetting the Microsoft Connection
In some cases, the Microsoft connection may need to be reset using the process outlined in this document - https://support.truecontext.com/hc/en-us/articles/4406637825300-How-to-Re-Connect-an-Expired-Connection
If the issue persists, please create a Support ticket using the process outlined in this document and our Support team will be happy to help - https://support.truecontext.com/hc/en-us/articles/4406631384340-How-To-Contact-Technical-Support
#TechTalkSupport #Microsoft #SharePoint
------------------------------
Jesse Collier
Senior Technical Engineer
TrueContext
Atlanta
------------------------------