Add Get, Grant, Set and Revoke cmdlets for EntraID app list permissions

[fabianhutzli]

Type

• Bug Fix
• New Feature
• Sample

Summary

Adds four new cmdlets that manage app-only permissions on individual SharePoint lists, enabling the use of the ListItems.SelectedOperations.Selected Entra ID app permission scoped to specific lists rather than whole sites.

New cmdlets

• Get-PnPEntraIDAppListPermission – returns all or filtered list permissions (by PermissionId or AppIdentity)
• Grant-PnPEntraIDAppListPermission – grants a new permission for an Entra ID app registration on a list
• Set-PnPEntraIDAppListPermission – updates the role of an existing list permission
• Revoke-PnPEntraIDAppListPermission – removes a list permission (with confirmation prompt / -Force)

Implementation notes

• Uses Microsoft Graph beta API (/sites/{siteId}/lists/{listId}/permissions)
• Lists can be identified by GUID or display name
• Permission roles are Read, Write, Owner (the valid values for list-level permissions — manage/fullControl are site-level only)
• App display names are enriched via a best-effort GET /v1.0/servicePrincipals lookup, as the Graph beta API omits displayName in GET responses
• Documentation included
• Developed with AI assistance
• Tested