question

jjeziorny avatar image
0 Votes"
jjeziorny asked BobJohnson-6874 edited

Graph API permission for azure cli rest command

When calling rest graph api though the azure cli, one might need certain permissions. However the az cli does not have an app in aad to grant the permission thorugh. So how should this be done?
I understand it could be possible using a SP for the az cli authentication, but want to avoid that as many users use the cli and don't want to create an SP for each one.

 $ az rest --method get --url https://graph.microsoft.com/beta/privilegedAccess/azureResources/roleAssignments?$filter=subjectId+eq+'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx'
 Unauthorized({
   "error": {
     "code": "UnknownError",
     "message": "{\"errorCode\":\"PermissionScopeNotGranted\",\"message\":\"Authorization failed due to missing permission scope PrivilegedAccess.Read.AzureResources,PrivilegedAccess.ReadWrite.AzureResources.\",\"target\":null,\"details\":null,\"innerError\":null,\"instanceAnnotations\":[],\"typeAnnotation\":null}",
     "innerError": {
       "date": "2021-02-18T14:18:50",
       "request-id": "b5c00ab3-a964-42d1-a244-32da8df9dda8",
       "client-request-id": "b5c00ab3-a964-42d1-a244-32da8df9dda8"
     }
   }
 })


not-supported
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers