
Azure AD application permissions: Is it possible to get permissions which come under "Other permissions granted for tenant"?


  1. I am creating an application in Azure AD and assigning "Application" permissions to that application using Microsoft Graph APIs.
  2. When I update the permissions ("requiredResourceAccess" array) for that application, which also includes removing some previously granted permissions, the previously granted permissions which are removed while updating the application come under "Other permissions granted for tenant".


  3. When I execute the Microsoft Graph API "https://graph.microsoft.com/v1.0/applications/{id}" to get the application's properties, I only get the permissions which come under "Configured permissions" in the "requiredResourceAccess" array.

Is there a way/ API which also lists the permissions under "Other permissions granted for tenant"? Thanks.


Solution

  • You can List appRoleAssignments to get all the application permissions which have been granted to a service principal.

    GET https://graph.microsoft.com/v1.0/servicePrincipals/{service_principal_object_id}/appRoleAssignments
    

    {service_principal_object_id} is the object id of the enterprise application associated with the app registration.


    Please note this API lists all the application permissions, including Configured permissions and Other permissions granted for tenant.
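
To isolate only the "Other permissions granted for tenant" entries, the appRoleAssignments response can be compared with the application's requiredResourceAccess array. The following is an added example, not part of the original answer: the sample data and all GUIDs are constructed, and the `RESOURCE_APP_IDS` lookup (resource service principal object id to appId) is an assumption that has to be filled in separately, because an appRoleAssignment identifies the resource by object id while requiredResourceAccess uses the appId.

```python
# Added example: all sample data and GUIDs below are constructed.

# application.requiredResourceAccess from GET /v1.0/applications/{id}
REQUIRED_RESOURCE_ACCESS = [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
        {"id": "11111111-0000-0000-0000-000000000001", "type": "Role"},
        {"id": "11111111-0000-0000-0000-000000000009", "type": "Scope"},
    ],
}]

# "value" array from GET /v1.0/servicePrincipals/{id}/appRoleAssignments
APP_ROLE_ASSIGNMENTS = [
    {"id": "assignment-1", "resourceId": "aaaaaaaa-0000-0000-0000-000000000001",
     "appRoleId": "11111111-0000-0000-0000-000000000001"},
    {"id": "assignment-2", "resourceId": "aaaaaaaa-0000-0000-0000-000000000001",
     "appRoleId": "11111111-0000-0000-0000-000000000002"},
    {"id": "assignment-3", "resourceId": "bbbbbbbb-0000-0000-0000-000000000002",
     "appRoleId": "22222222-0000-0000-0000-000000000001"},
]

# Assumption: object id -> appId of each resource service principal.
RESOURCE_APP_IDS = {
    "aaaaaaaa-0000-0000-0000-000000000001": "00000003-0000-0000-c000-000000000000",
}

def configured_roles(required_resource_access):
    """Return {(resourceAppId, appRoleId)} for entries of type "Role"."""
    return {
        (res["resourceAppId"].lower(), acc["id"].lower())
        for res in required_resource_access
        for acc in res.get("resourceAccess", [])
        if acc.get("type") == "Role"  # "Scope" entries are delegated permissions
    }

def other_granted(assignments, required_resource_access, resource_app_ids):
    """Return assignments that are granted but not in the configured set."""
    configured = configured_roles(required_resource_access)
    extra = []
    for a in assignments:
        app_id = resource_app_ids.get(a["resourceId"].lower())
        # A resource that cannot be resolved cannot be matched: report it too.
        if app_id is None or (app_id.lower(), a["appRoleId"].lower()) not in configured:
            extra.append(a)
    return extra

print([a["id"] for a in other_granted(
    APP_ROLE_ASSIGNMENTS, REQUIRED_RESOURCE_ACCESS, RESOURCE_APP_IDS)])
```

Each assignment it returns is a permission the service principal still holds in the tenant even though the app registration no longer requests it.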