[BUG] Submit-PnPSearchQuery: Attempted to perform an unauthorized operation. When query against People Search SourceId

[LuisFalcon003]

Reporting an Issue or Missing Feature

The following error message is returned when trying to query against People Search -SourceId "B09A7990-05EA-4AF9-81EF-EDFAB16C4E31":
"Attempted to perform an unauthorized operation."

Expected behavior

Get all user profiles from People Search, for re-indexing puropose.

Full query:
$profiles = Submit-PnPSearchQuery -Query '-AccountName:spofrm -AccountName:spoapp -AccountName:app@sharepoint -AccountName:spocrawler -AccountName:spocrwl -PreferredName:"Foreign Principal"' -SourceId "b09a7990-05ea-4af9-81ef-edfab16c4e31" -SelectProperties "aadobjectid", "department", "write" -All -TrimDuplicates:$false -RelevantResults

Actual behavior

An error message returned:
"Attempted to perform an unauthorized operation."

Steps to reproduce behavior

1. Set a Microsoft Entra ID Application with the following permission:

2. Connect to SharePoint Online using the Microsoft Entra ID application and certificate:

$clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$spoTenantRootUrl = "https://[tenant].sharepoint.com"
$tenantDomain = "mydomain.com"
$certificatePath = ".pfx local path"
$plainTextPassword = "MyPassword"
$secureCertificatePassword = ConvertTo-SecureString -String $plainTextPassword -AsPlainText -Force
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificatePath, $plainTextPassword, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)

Connect-PnPOnline -Url $spoTenantRootUrl -ClientId $clientId -CertificatePath $certificatePath -CertificatePassword $secureCertificatePassword -Tenant $tenantDomain -ErrorAction Stop

3. Execute query:

$profiles = Submit-PnPSearchQuery -Query '-AccountName:spofrm -AccountName:spoapp -AccountName:app@sharepoint -AccountName:spocrawler -AccountName:spocrwl -PreferredName:"Foreign Principal"' `
    -SourceId "b09a7990-05ea-4af9-81ef-edfab16c4e31" -SelectProperties "aadobjectid", "department", "write" ` -All -TrimDuplicates:$false -RelevantResults

What is the version of the Cmdlet module you are running?(you can retrieve this by executing Get-Module -Name "PnP.PowerShell" -ListAvailable)

3.1.0

Which operating system/environment are you running PnP PowerShell on?

• Windows
• Linux
• MacOS
• Azure Cloud Shell
• Azure Functions
• Other : please specify

[gautamdsheth]

hey @LuisFalcon003 , this is not an issue with PnP PowerShell, but an issue with you Entra ID app. You also need to provide User.Read.All permission in SharePoint for people search. If there's some terms or managed metadata in people properties, you also need to assign TermStore.Read.All permissions. THis is as designed not a bug.