Add-AzADAppPermission
Adds an API permission.
Add-AzADAppPermission
-ApiId <Guid>
-PermissionId <String>
-ObjectId <Guid>
[-Type <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Add-AzADAppPermission
-ApiId <Guid>
-PermissionId <String>
[-Type <String>]
-ApplicationId <Guid>
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Adds an API permission. The list of available permissions of API is property of application represented by service principal in tenant.
For instance, to get available permissions for Graph API:
- Azure Active Directory Graph:
Get-AzAdServicePrincipal -ApplicationId 00001111-aaaa-2222-bbbb-3333cccc4444
- Microsoft Graph:
Get-AzAdServicePrincipal -ApplicationId 00001111-aaaa-2222-bbbb-3333cccc4444
Application permissions under the appRoles
property correspond to Role
in -Type
.
Delegated permissions under the oauth2Permissions
property correspond to Scope
in -Type
.
User needs to grant consent via Azure Portal if the permission requires admin consent because Azure PowerShell doesn't support it yet.
Add-AzADAppPermission -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -ApiId 00001111-aaaa-2222-bbbb-3333cccc4444 -PermissionId 5f8c59db-677d-491f-a6b8-5f174b11ec1d
Add delegated permission "Group.Read.All" of Microsoft Graph API to AD Application (aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb)
Add-AzADAppPermission -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -ApiId 00001111-aaaa-2222-bbbb-3333cccc4444 -PermissionId 1138cb37-bd11-4084-a2b7-9f71582aeddb -Type Role
Add application permission "Device.ReadWrite.All" of Microsoft Graph API to AD Application (aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb)
The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.
Type: | Guid |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The application Id.
Type: | Guid |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | PSObject |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The unique identifier in Azure AD.
Type: | Guid |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The unique identifier for one of the oauth2PermissionScopes or appRole instances that the resource application exposes.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies whether the id property references an oauth2PermissionScopes(Scope, delegated permission) or an appRole(Role, application permission).
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Azure PowerShell feedback
Azure PowerShell is an open source project. Select a link to provide feedback: