Automatically Update Permission with Graph Api

Michele Massetti 0 Reputation points
2024-11-18T16:27:48.3433333+00:00

Hello Community,
I m having issues adding permissions in the API permissions. Basically following this guide:
https://learn.microsoft.com/en-us/entra/identity-platform/howto-update-permissions?pivots=portal#grant-consent-for-the-added-permissions-for-the-enterprise-application
I successfully add the permissions, but then it is needed by the admin to grand access to those. I would like to automatize the process with the graphAPIs from Azure. I modify the requiredResourceAccess of the app, and it works. So my question is, how can I avoid the last step that an admin is required to click on grant access?
Thanks a lot

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,580 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 110.3K Reputation points MVP
    2024-11-18T17:30:24.6266667+00:00

    If you want to add the permissions programmatically, use the appRoleAssignment endpoint: https://learn.microsoft.com/en-us/graph/api/serviceprincipal-post-approleassignedto?view=graph-rest-1.0&tabs=http

    Do note that you need some highly privileged permissions to perform such operations, which is effectively the equivalent of Global admin. You will have to work with your admins to grant those permissions first, before your app is able to make changes to appRoleAssignments.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.