Insufficient privileges to run Remove-AzureADOAuth2PermissionGrant

Diana C 0 Reputation points
2023-08-08T09:40:10.7+00:00

Hi,

I'm unable to run the Remove-AzureADOAuth2PermissionGrant command in Azure PowerShell even though I have the Global Administrator role. The error messages are below.

Does anyone know what privilege I need and where to set it? Thanks

PS /home/d> $spOAuth2PermissionsGrants1 | Remove-AzureADOAuth2PermissionGrant

Remove-AzureADOAuth2PermissionGrant: Error occurred while executing RemoveOAuth2PermissionGrant

Code: Authorization_RequestDenied

Message: Insufficient privileges to complete the operation.

RequestId:

DateTimeStamp:

HttpStatusCode: Forbidden

HttpStatusDescription: Forbidden

HttpResponseStatus: Completed


1 answer

  1. Shweta Mathur 29,746 Reputation points Microsoft Employee
    2023-08-22T08:26:37.87+00:00

    Hi @Diana C ,

    Thanks for reaching out.

    You need to first connect to Azure AD using Connect-AzureAD.

    Then remove the permission assigned to the user using

    Remove-AzureADOAuth2PermissionGrant -objectId <objectId>
    

    To get the objectId of the user, run the Get-AzureADOAuth2PermissionGrant PowerShell command to retrieve the objectId, resourceID and scope assigned.

    Here resourceId is the service Principal ID which you can match with the permission you want to remove.


    Match the service Principal Id with the resource Id and copy the corresponding objectId from the above.

    You can then remove the permissions using

    Remove-AzureADOAuth2PermissionGrant -ObjectId SLC0E57-xxxxxx-xxxxxx
    

    which will remove the permission.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.
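The steps described in the answer above, combined into one script as an added example that is not part of the original thread. It assumes the AzureAD module is installed; `$ResourceName` and its value are constructed placeholders, and `$Remove` is a hypothetical switch so the grants are listed for review before anything is deleted.

```powershell
# Added example, not code from the thread. Assumes the AzureAD module is
# installed. 'Contoso Demo API' is a constructed placeholder display name.
$ResourceName = 'Contoso Demo API'
$Remove       = $false   # set to $true only after reviewing the listed grants

Connect-AzureAD | Out-Null

# Resolve the resource (API) service principal whose grants are being reviewed.
# Single quotes are doubled so the name cannot break out of the OData filter.
$escaped    = $ResourceName.Replace("'", "''")
$resourceSp = @(Get-AzureADServicePrincipal -Filter "displayName eq '$escaped'")
if ($resourceSp.Count -ne 1) {
    throw "Expected one service principal named '$ResourceName', found $($resourceSp.Count)."
}

# A grant's ResourceId is the ObjectId of the resource service principal.
$grants = @(Get-AzureADOAuth2PermissionGrant -All $true |
    Where-Object { $_.ResourceId -eq $resourceSp[0].ObjectId })

if ($grants.Count -eq 0) {
    Write-Host "No delegated permission grants found for '$ResourceName'."
    return
}

# List each matching grant with the client application that holds it.
$grants | ForEach-Object {
    $client = Get-AzureADServicePrincipal -ObjectId $_.ClientId
    [pscustomobject]@{
        GrantObjectId = $_.ObjectId       # value passed to -ObjectId on removal
        Client        = $client.DisplayName
        ConsentType   = $_.ConsentType    # AllPrincipals or Principal
        PrincipalId   = $_.PrincipalId    # set only for per-user consent
        Scope         = $_.Scope
    }
} | Format-Table -AutoSize

if ($Remove) {
    foreach ($grant in $grants) {
        try {
            Remove-AzureADOAuth2PermissionGrant -ObjectId $grant.ObjectId -ErrorAction Stop
            Write-Host "Removed grant $($grant.ObjectId)"
        } catch {
            # A denied request (such as the error in the question) lands here;
            # report it per grant instead of stopping at the first failure.
            Write-Warning "Could not remove $($grant.ObjectId): $($_.Exception.Message)"
        }
    }
}
```

Running it with `$Remove = $false` first gives a record of which client, consent type and scopes each grant covers before any of them is revoked.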
