Share via

API permissions for resource query on securityresources?

Rami Yankelov 1 Reputation point
2022-07-25T10:33:58.17+00:00

I need to perform Microsoft.ResourceGraph query on securityresources.
I get the response I don't have the permissions for the resource.
I'm getting the following error :
'Access is denied to the requested resource. The user might not have enough permission'

the full url:
https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01

the query body:
{
"subscriptions": [
"my subscription id here"
],
"query": "securityresources | where type == 'microsoft.security/securescores/securescorecontrols'"
}

the token is generated for resource:
https://management.core.windows.net

using an app with the api permission:
Microsoft Graph -> User.Read

Does anyone know which permissions are needed on the application for this resource?

Thanks in advance

Microsoft Security Microsoft Graph
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. CarlZhao-MSFT 46,371 Reputation points
    2022-07-26T09:45:59.377+00:00

    Hi @Rami Yankelov

    You should grant delegate permissions under the Azure Service Management endpoint instead of the Microsoft Graph endpoint.

    224768-2022-07-26-174325.png

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Aditya Pratap Singh 0 Reputation points
    2023-12-29T13:50:22.52+00:00

    I am still getting the same error after making changes

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.