Call to sites Graph API requires “owner” permissions for site collection regardless of app permissions

Okay – yet another weird issue, and a hacky workaround. I was developing an app that was calling a SharePoint site through Graph API, using jQuery $.ajax call (developed in TypeScript), and ran into surprising 401 errors. I did find a workaround, but am also working on an actual fix.

Description

To get SharePoint site ID, which is needed when accessing SharePoint lists, the calls seemed to fail for my test accounts. Everything was working fine for my developer account, which was a global admin, so the first thing I was suspecting was of course permissions…

The first offending test account was a Group member, and a restricted reader in the site collection I was trying to access via Graph. The account was also a contributor on the root site of the tenant. And all of my accounts were licensed with E3/E5.

I knew that this part of the code was supposed to get a site id for a certain SharePoint site collection with a call to Graph API, similar to this one:

https://graph.microsoft.com/v1.0/sites/<tenant>.sharepoint.com:/sites/<site>/

It worked for my developer account, but just wouldn’t work for the test accounts! This is the error I got: Continue reading

Alternative Languages in SharePoint forcing the (cumbersome) use of localized Managed Properties

Localization and multilingual environments in SharePoint are an endless source of interesting issues and blog post topics. In one case, we had a tenant created originally in English, and a site collection created in Finnish. In this particular case, SharePoint somehow messed up the language settings, and ended up requiring the use of localized managed properties on the search center of that site collection. That ended up being unexpected, unituitive and unusable for the end-users.

Description of the issue

Typically, when you use SharePoint Search, you can use managed properties to search for values in certain fields or columns of any items in the index. Our particular use case involved searching SharePoint’s people results for users of certain departments.

“Department” is a managed property on its own, and gets info from – surprise, surprise – a field called “Department” in the user profile service in SharePoint Online. In our case, the Search service API returned results with “Department:HR”, but search center did not.¬†

After a lot of playing around, it turned out the search center required us to use localized versions of the names of managed properties. In this particular case, search required the Finnish name (“Osasto”) for the property.¬†Before this, I didn’t even know that was a thing! In all of the installations I’ve seen, the plain English internal names of the managed properties worked just fine – so, in this case, “Department”. Continue reading

Web part title changes not reflected to some users in multilingual SharePoint environment

‚Äč‚ÄčWhen changing the web part title on a web part on a classic SharePoint page, changes seem to be saved for you. In reality, they are only reflected to some users.. And some users, on some devices, see the old title, whereas some see the new one. It’s a confusing situation and difficult to debug.

Why do web part titles get changed seemingly randomly?

Imagine this: You have a SharePoint environment, where you have multiple different languages set up. You also have users with multiple different workstation configurations Рincluding multiple different languages. Different users, however, quite randomly see different revisions of web part titles in a very weird manner. This happens seemingly randomly even on new client devices, so no client-side caching is the reason.

This actually likely works as designed, it’s just kind of a confusing implementation. We’ve got Microsoft to blame for that, and their pretty bad documentation.. SharePoint actually localizes (and hence saves) Web part titles per-language.¬† Continue reading