microsoft-graph-apiazure-powershellmicrosoft-graph-sdks
Microsoft Graph SDK for PowerShell - Get Api Permissions and App Roles of Service Principals
I'm trying to retrieve the API Permissions assigned to a Service Principle using Microsoft Graph SDK for PowerShell. I tried using the below command
Get-MgServicePrincipalOAuth2PermissionGrant -ServicePrincipalId <Id>
However, it doesn't provide all the API Permissions. Could someone help on this?
Thanks, Praveen
Solution
Granted API permissions to Service principal like below:
I agree with @user2250152, to get delegated permissions make use of below command:
Get-MgServicePrincipalOauth2PermissionGrant
-ServicePrincipalId <Id>
To get Application permissions, make use of below command:
Get-MgServicePrincipalAppRoleAssignment
-ServicePrincipalId <Id>
UPDATE:
To get the application permission claim, use the below script:
Connect-MgGraph -Scopes "Application.Read.All"
$Apps = Get-MgApplication | Where-Object { $_.DisplayName -eq "RukApp" }
$ServicePrincipals = Get-MgServicePrincipal -All
$RolesList = @()
foreach ($sp in $ServicePrincipals) {
$RolesList += $sp.AppRoles
}
$Data = @()
foreach ($App in $Apps) {
foreach ($Access in $App.RequiredResourceAccess) {
foreach ($Permission in $Access.ResourceAccess) {
$PermissionName = $null
if ($Permission.Type -eq 'Role') {
$PermissionName = ($RolesList | Where-Object { $_.Id -eq $Permission.Id }).Value
}
if ($PermissionName) {
$Data += [PSCustomObject]@{
'Application Display Name' = $App.DisplayName
'Permission Type' = $Permission.Type
'Permission Value' = $PermissionName
}
}
}
}
}
$Data | Format-Table -AutoSize
To check the application API permission name, refer the below
c# - Microsoft Graph API - Get users with specified app roles - Stack Overflow
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- Receiving ValidationError when trying to create webhook subscription with Graph API
- Azure Function App - frequent hang and deadlocks
- How to Assign Role to New User with Graph API
- issue with Microsoft graph api with forward slashes "/" in /me/events/{id}
- Failing Script to keep teams user available
- Non-Interactive - Get-MgUser : Insufficient privileges to complete the operation
- Get the email address of a Microsoft user
- Graph API : How can I get Sharepoint webhook resourceData Id?
- Having problem Authorizing Authenticated user account in Web API
- Search driveItem with query of Document-ID
- Update range request returns 200 OK but doesn't update the Excel sheet
- How to get the current user’s Delve URL via Microsoft Graph API
- Grant admin consent for app registration API permission
- .net GraphServiceClient send email - code sample doesn't work anymore
- How can I read local MS Teams status
- Updating Microsoft Teams Chats and Managing Attachments via Microsoft Graph API in C# .NET6 with Application level permission
- Cannot create Microsoft Graph API subscription using self signed C# X509Certificate2
- Get SharePoint ListItemId by Document-ID in MS Graph API C# SDK
- Issue in sending personal message in MS Teams with Graph API
- Search Outlook messages via MS Graph Search API, how do I get a full body of a message?
- InvalidUri error when transfering the whole OneNote to blob storage
- PowerShell select-object does not work with "Invoke-MgGraphRequest" but it worked with Invoke-RestMethod
- MS Teams Bot - Create a Conversation with User
- Why am I getting a null stream value when using file content from the Graph API?
- Presence not updating in Microsoft Teams using Graph API setUserPreferredPresence endpoint
- obtain item-id for microsoft graph api
- How to work with single-value extended properties?
- Changing User Email Address in Microsoft Entra External ID
- Microsoft Graph - Accessing OnlineMeetings Transcripts - Invalid format 'application/octet-stream, application/json' specified