Add Get, Grant, Set and Revoke cmdlets for EntraID app list item permissions

[fabianhutzli]

Type

• Bug Fix
• New Feature
• Sample

Summary

Adds four new cmdlets that manage app-only permissions on individual list items, enabling the use of the ListItems.SelectedOperations.Selected Entra ID app permission scoped to a single item.

New cmdlets

• Get-PnPEntraIDAppListItemPermission – returns all or filtered item permissions (by PermissionId or AppIdentity)
• Grant-PnPEntraIDAppListItemPermission – grants a new permission for an Entra ID app registration on a list item
• Set-PnPEntraIDAppListItemPermission – updates the role of an existing list item permission
• Revoke-PnPEntraIDAppListItemPermission – removes a list item permission (with confirmation prompt / -Force)

Implementation notes

• Uses Microsoft Graph beta API (/sites/{siteId}/lists/{listId}/items/{itemId}/permissions)
• The -ListItem parameter accepts the integer item ID (use Get-PnPListItem to resolve it)
• Lists can be identified by GUID or display name
• Permission roles are Read, Write, Owner
• App display names are enriched via a best-effort GET /v1.0/servicePrincipals lookup
• Documentation included
• Developed with AI assistance
• Tested