How to add API permissions to an application registration using either Azure PowerShell or Azure CLI
Attempting to assign a role to an app registration but struggling to identify the suitable command in the AZ module for PowerShell or Azure CLI.
The AzureAD Module command below is functioning as intended:
New-AzureADServiceAppRoleAssignment -ObjectId $resourceObjectId -Id $roleId -PrincipalId $sourceServicePrincipalId -ResourceId $resourceObjectId
However, I'm encountering difficulties migrating the above-mentioned command to a new module. I'm uncertain about which scope to specify for the new commands, leading to issues in the migration process.
Kindly someone help here
I Need help to Migrate above command to Azure CLI / AZ module powershell script.
I have created one App role named tasks.read with below properties:
Now, I ran below Az PowerShell command to assign this App role API permission to an application registration:
Add-AzADAppPermission -ApplicationId $sourceAppId -ApiId $resourceappId -PermissionId $roleId -Type Role
Get-AzADAppPermission -ApplicationId $sourceAppId
Response:
When I checked the same in Portal, API permission added successfully under app registration like this:
To do the same via Azure CLI, you can make use of below command:
az ad app permission add --id <sourceAppObjId> --api <resourceAppId> --api-permissions <roleId>=Role --only-show-errors
Response:
If you are getting "Insufficient privileges" error, make sure to assign at least Application Administrator Entra role to your user under directory like this:
Go to Azure Portal -> Microsoft Entra ID -> Roles and administrators -> All roles -> Select role -> Add assignment
Reference:
- Azure Devops pipeline throwing error while running powershell script - The string is missing the terminator: "
- Azure CICD pipelines
- Add-AzStorageAccountNetworkRule "Windows PowerShell is in NonInteractive mode" error
- Azure AD Graph API or Powershell Graph: Gathering all the assigned roles that are associated to a group
- Rename Virtual Machine Managed Disks on Microsoft Azure through PowerShell
- Unable to connect to the server: getting credentials: exec: executable kubelogin not found
- Azure - Disconnect VNet Integration in Powershell
- Fatal: Could not read password for 'https://[email protected]': terminal prompts disabled
- Convert text File to CSV Format using powershell
- Azure CLI - Delete resource without deleting resource group
- use variable value from one PowerShell task to another in Azure Devops
- Azure SQL Server Firewall Rule add multiple IP address using PowerShell for database connectivity
- Api Management stv2, unable to remove region powershell
- Get list of assigned users in an Azure Virtual Desktop host pool using Powershell
- How do I properly use ForEach() statement of List?
- Get-AzureADUser with multiple pipes
- Using AZ CLI in PowerShell to move all resources in an Azure Resource Group
- How to get log analytics workspace usage details via api
- Azure VM: Stoping Azure VM after creation in a CI CD pipeline task
- Connect-AzAccount with Azure Devops Pipeline?
- AzurePowerShell@5 is failing to find parameter FederatedToken
- wrong Az.Acoounts version being used
- Connect-AzAccount : The term 'Connect-AzAccount' is not recognized as the name of a cmdlet, function, script file, or operable program
- How do I create a new Azure app registration and add a scope via PowerShell?
- Is there a way to bypass the Power-Shell confirmation(Y/N) prompt?
- Microsoft Graph SDK for PowerShell - Get Api Permissions and App Roles of Service Principals
- Get AzureSQL failover group by name
- AzureAD Inactive User Monitoring
- Capturing IPs - github actions is looking for an array not a string
- Export-Excel not working in Azure Functions