The “User Does Not Have Consent to Access the Service” error occurs when a user tries to access a service or connector in Power Automate but has not granted the necessary permissions or consent.
Error Message:
"User does not have consent to access the service – The user has not consented to give access to a service or connector."
This issue commonly occurs due to:
- Missing or revoked OAuth permissions for a third-party service (e.g., Microsoft Graph, SharePoint, Dataverse).
- Organization-wide restrictions on user consent settings.
- DLP (Data Loss Prevention) policies blocking the connection.
- Expired or revoked tokens for authentication.
2. Common Causes and Fixes
| Cause | Description | Fix |
|---|---|---|
| User has not granted consent | The user has not approved access to the service or connector. | Grant consent when prompted. |
| Organization blocks user consent | Admin has disabled user consent for apps and services. | Request admin approval via Azure AD Admin Center. |
| Revoked or expired permissions | Previous consent was revoked or the token expired. | Reconnect the service and reauthorize the connection. |
| DLP policies restricting access | Organization policies prevent connections to certain services. | Modify DLP policies in Power Automate Admin Center. |
| Connector requires admin approval | Some services require admin approval before users can connect. | Admin must pre-approve the connector in Azure AD. |
3. Step-by-Step Troubleshooting Guide
Step 1: Grant Consent When Prompted
If you see a popup requesting consent, it means the service needs permission to connect to your account.
Steps to fix:
- Click Accept when prompted to grant access.
- If consent is not granted, the service cannot connect.
- If the consent request does not appear, proceed to Step 2.
Example Fix:
- When using Microsoft Graph, a popup may request permission to read emails—click Allow.
Step 2: Reconnect the Service and Refresh Permissions
If the connection is outdated or revoked, re-establish it in Power Automate.
Steps to fix:
- Open Power Automate.
- Click on Data > Connections.
- Find the service or connector causing the issue.
- Click …” (More options) > Refresh connection.
- If refreshing doesn’t work, click Delete Connection and Add New Connection.
- Grant permission when prompted.
Example Fix:
- If a SharePoint connection fails, reconnect your Microsoft account.
Step 3: Check Organizational Consent Settings in Azure AD
Some organizations disable user consent for security reasons. If you cannot approve access, an admin must grant consent.
Steps for Admins:
- Go to Azure Active Directory (Azure AD).
- Navigate to Enterprise Applications.
- Click User Settings.
- Check “Users can consent to apps accessing company data on their behalf”:
- If Disabled → Enable this setting OR manually approve the request.
- If Enabled → Ensure users have permission to grant access.
- Click “Admin consent requests” and approve pending requests.
Example Fix:
- If users cannot connect to Microsoft Graph, an admin must approve it in Azure AD.
Step 4: Modify DLP (Data Loss Prevention) Policies
DLP policies in Power Automate may block access to certain services.
Steps for Admins:
- Open Power Automate Admin Center.
- Go to Data Policies.
- Check if the service (e.g., Dropbox, SQL, Outlook) is in the Blocked category.
- If blocked, move it to Business or Non-Business category.
- Save changes and try again.
Example Fix:
- If a Google Drive connector is blocked, update the DLP policy to allow it.
Step 5: Check Role-Based Access Control (RBAC) in Microsoft 365
If users lack the correct role assignments, they cannot access services.
Steps for Admins:
- Open Microsoft 365 Admin Center.
- Navigate to Users > Active Users.
- Select the affected user.
- Click Roles and ensure the user has the required permissions.
- If needed, assign them the Power Automate User role.
Example Fix:
- If a user lacks the Dataverse User role, assign it to allow access.
Step 6: Verify OAuth Token Expiration and Refresh the Login
Expired OAuth tokens prevent authentication with external services.
Steps to fix:
- Sign out of Power Automate.
- Sign back in and reauthorize the connector.
- If issues persist, ask an admin to reset OAuth permissions.
Example Fix:
- If a Twitter API connection expires, re-authenticate the account.