Where can we find the id of the resource servicePrincipal which has defined the app role

Prabhakar.Billingi 66 Reputation points
2020-07-24T05:17:52.797+00:00

Grant an appRoleAssignment, reference: serviceprincipal-post-approleassignedto
As per the document I need to pass resourceId in the request. Where can I find the resourceId?

URL: https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignedTo

Sample request:

{
"principalId": "principalId-value",
"resourceId": "??",
"appRoleId": "appRoleId-value"
}


2 answers

  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-07-24T08:24:13.047+00:00

    @Prabhakar.Billingi, thank you for reaching out. For the following API call https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignedTo, you would need to feed this URL with the servicePrincipal's object ID, which is referred to as the resourceId here.

    To fetch the servicePrincipal's object ID, you can use the following API calls:

    GET /servicePrincipals ---> This would list all the available service principals in your AAD tenant.

    If you would only want to fetch the Object ID of a specific Service Principal then you can also consider running this API call along with the filter mentioned:
    https://graph.microsoft.com/beta/serviceprincipals?$filter=startswith(displayName, 'Application-Name')

    Running the above API would give you the output and from there you need to copy the guid value present under the id key. This value of the id key is the resource-id, that you can use in the following API "**https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignedTo**"

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

    1 person found this answer helpful.

  2. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-07-24T09:23:43.267+00:00

    @PrabhakarBillingi-9819, The following API call "https://graph.microsoft.com/beta/serviceprincipals?$filter=startswith(displayName, 'Application-Name')", would get you the service principal ID of the mentioned service-principal name that you have mentioned in the "Application-Name" section of the above api call.

    Now, the following API call "**https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignedTo**", would get you the AppRoleAssignments present on this Service Principal.

    The API call "**https://graph.microsoft.com/v1.0/oauth2PermissionGrants**" would get you the API Permissions that you have set on this application.

    AppRoleAssignments and OAuth2Permissions are two different things. All these entities (AppRoleAssignment, OAuth2Permissions etc) are tied to a specific Application (service-principal) registered in AAD and Applications registered to AAD are always tenant specific. Applications registered in a specific tenant would be visible only under that specific tenant.

    Every Application registered in AAD would have two broad objects:

    • Application Object
    • Service Principal Object

    Both these objects would have separate object IDs and these object IDs would only be visible under the tenant where they are registered.

    Do let me know the exact end goal of yours so that accordingly I can share the PowerShell cmdlets too. There are PowerShell cmdlets available to achieve the same task as the PowerShell cmdlets use the same Graph APIs in the backend.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.
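
The lookup described in the answers above, as an added example that is not part of the original thread or Microsoft's own code: it builds the `startswith` filter URL, takes the `id` of the matching service principal as the `resourceId`, and checks that the app role is actually defined and enabled on that resource before building the request body. The sample response, the GUIDs and the function names are constructed for illustration; no network call is made.

```python
import json
import uuid
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample of a GET /servicePrincipals?$filter=... response (not real tenant data).
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"id": "11111111-1111-1111-1111-111111111111", "displayName": "Application-Name",
   "appRoles": [{"id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "value": "Reader", "isEnabled": true}]},
  {"id": "22222222-2222-2222-2222-222222222222", "displayName": "Application-Name-Test",
   "appRoles": []}
]}
""")

def lookup_url(display_name):
    """URL for the startswith lookup; OData doubles single quotes inside string literals."""
    literal = display_name.replace("'", "''")
    return f"{GRAPH}/servicePrincipals?$filter=" + quote(f"startswith(displayName,'{literal}')")

def pick_resource(response, display_name):
    """Return the one service principal whose displayName matches exactly.

    startswith can return several objects, so refuse to guess between them."""
    exact = [sp for sp in response["value"] if sp["displayName"] == display_name]
    if len(exact) != 1:
        raise LookupError(f"expected 1 exact match for {display_name!r}, got {len(exact)}")
    return exact[0]

def build_assignment(resource_sp, principal_id, role_value):
    """Build (url, body) for POST .../appRoleAssignedTo, checking the role first."""
    uuid.UUID(principal_id)  # raises ValueError if principal_id is not a GUID
    roles = [r for r in resource_sp["appRoles"] if r["value"] == role_value and r["isEnabled"]]
    if not roles:
        raise ValueError(f"{role_value!r} is not an enabled app role on this resource")
    # The same object id goes in the URL ({id}) and in the body (resourceId).
    url = f"{GRAPH}/servicePrincipals/{resource_sp['id']}/appRoleAssignedTo"
    body = {"principalId": principal_id, "resourceId": resource_sp["id"],
            "appRoleId": roles[0]["id"]}
    return url, body
```

Because `startswith` matched two objects in the sample, selecting by exact `displayName` is what keeps the role from being granted on the wrong resource.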