management.azure.com Authorization Failed azure csp account

Question

I was trying a GET request from this url .

https://management.azure.com/subscriptions/\*\*\*\*\*\*\*\*-0f71-\*\*\*\*-994b-804713\*\*\*\*\*\*/resourceGroups/\*\*\*\*\*\*\*\*\*\*WE01/resources?api-version=2017-05-10
I have sent the authentication token & already have an application registered in Active directory

I am getting this error message.

{"error":{"code":"AuthorizationFailed","message":"The client '********-22c0-****-bb40-416f1a******' with object id '********-22c0-****-bb40-416f1a******' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourceGroups/resources/action' over scope '/subscriptions/********-0f71-****-994b-8047********/resourceGroups/**********WE01' or the scope is invalid. If access was recently granted, please refresh your credentials."}}

I already have an application registered in AD. What all permissions should I need to give to the registered application.

Thanks!
Murugan

Answer 1

@Murugan Andezuthu Dharmaratnam
Thank you for the detailed post!

When it comes to using the Resources - List By Resource Group REST API, can you make sure that your AzureAD App registration has the user_impersonation API permission. For more info.

If you're still experiencing issues - for testing purposes, you can also try assigning the Global Admin role to your AzureAD App to see if that resolves your issue.
Navigate to AzureAD -> Roles and Administrators -> Search for Global Admin -> Add the role assignment to your App (for testing purposes).

If you have any other questions or are still experiencing issues, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.