Not Monitored
Tag not monitored by Microsoft.
40,251 questions
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
When calling rest graph api though the azure cli, one might need certain permissions. However the az cli does not have an app in aad to grant the permission thorugh. So how should this be done?
I understand it could be possible using a SP for the az cli authentication, but want to avoid that as many users use the cli and don't want to create an SP for each one.
$ az rest --method get --url https://graph.microsoft.com/beta/privilegedAccess/azureResources/roleAssignments?$filter=subjectId+eq+'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx'
Unauthorized({
"error": {
"code": "UnknownError",
"message": "{\"errorCode\":\"PermissionScopeNotGranted\",\"message\":\"Authorization failed due to missing permission scope PrivilegedAccess.Read.AzureResources,PrivilegedAccess.ReadWrite.AzureResources.\",\"target\":null,\"details\":null,\"innerError\":null,\"instanceAnnotations\":[],\"typeAnnotation\":null}",
"innerError": {
"date": "2021-02-18T14:18:50",
"request-id": "b5c00ab3-a964-42d1-a244-32da8df9dda8",
"client-request-id": "b5c00ab3-a964-42d1-a244-32da8df9dda8"
}
}
})