Graph API permission for azure cli rest command

Juliano Jeziorny 6 Reputation points
2021-02-18T14:26:15.077+00:00

When calling the REST Graph API through the Azure CLI, one might need certain permissions. However, the az CLI does not have an app in AAD to grant the permission through. So how should this be done?
I understand it could be possible using an SP for the az CLI authentication, but I want to avoid that, as many users use the CLI and I don't want to create an SP for each one.

$ az rest --method get --url https://graph.microsoft.com/beta/privilegedAccess/azureResources/roleAssignments?$filter=subjectId+eq+'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx'
Unauthorized({
  "error": {
    "code": "UnknownError",
    "message": "{\"errorCode\":\"PermissionScopeNotGranted\",\"message\":\"Authorization failed due to missing permission scope PrivilegedAccess.Read.AzureResources,PrivilegedAccess.ReadWrite.AzureResources.\",\"target\":null,\"details\":null,\"innerError\":null,\"instanceAnnotations\":[],\"typeAnnotation\":null}",
    "innerError": {
      "date": "2021-02-18T14:18:50",
      "request-id": "b5c00ab3-a964-42d1-a244-32da8df9dda8",
      "client-request-id": "b5c00ab3-a964-42d1-a244-32da8df9dda8"
    }
  }
})
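A diagnostic sketch for the error shown in the question, added here as an example and not part of the original post: it unwraps the `Unauthorized(...)` output, decodes the JSON string nested in `message`, and checks the scopes it names against the `scp` claim of an access token. The function names and the sample token are constructed for illustration; the token is decoded without signature verification, for inspection only.

```python
import base64
import json

# Constructed sample: the error text from the question, trimmed to the fields used here.
SAMPLE_ERROR = r'''Unauthorized({
  "error": {
    "code": "UnknownError",
    "message": "{\"errorCode\":\"PermissionScopeNotGranted\",\"message\":\"Authorization failed due to missing permission scope PrivilegedAccess.Read.AzureResources,PrivilegedAccess.ReadWrite.AzureResources.\",\"target\":null}"
  }
})'''
MARKER = "missing permission scope "

def required_scopes(cli_output):
    """Return the scopes named in a PermissionScopeNotGranted error, else []."""
    start, end = cli_output.find("{"), cli_output.rfind("}")
    if start < 0 or end < start:
        return []
    try:
        outer = json.loads(cli_output[start:end + 1])
        inner = json.loads(outer["error"]["message"])  # message is itself JSON
    except (ValueError, KeyError, TypeError):
        return []
    if not isinstance(inner, dict) or inner.get("errorCode") != "PermissionScopeNotGranted":
        return []
    text = inner.get("message") or ""
    if MARKER not in text:
        return []
    listed = text.split(MARKER, 1)[1].rstrip(". ")
    return [s.strip() for s in listed.split(",") if s.strip()]

def token_scopes(jwt):
    """Read the delegated scopes (scp claim) from a JWT payload without verifying it."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())

def diagnose(cli_output, jwt):
    """Map each scope the error names to whether the token already carries it."""
    held = token_scopes(jwt)
    return {scope: scope in held for scope in required_scopes(cli_output)}

def make_sample_token(scp):
    """Build an unsigned, constructed token for the demonstration only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"scp": scp}), "sig"])

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, make_sample_token("User.Read Directory.AccessAsUser.All")))
```

To inspect a real session, pass the `accessToken` value returned by `az account get-access-token --resource https://graph.microsoft.com` as the second argument to `diagnose`.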
