Azure AD permissions needed
Hi there, I am running a pipeline under a service principal and I try to add new owners to the Azure AD applications that I create through this SP. The latter has the following permissions granted: However, I am not able to add new owners when I create a new application. Here are the steps that I follow:
#login using the service principal
$ az login --service-principal --user $app_id --password $app_secret --tenant $tenant_id
#creating new application
$ export created_app_id=$(az ad app create --display-name "sp-created-app2" --query appId -o tsv)
#Add new owner to my subscription
$ az ad app owner add --id $created_app_id --owner-object-id $my_azuread_user
Insufficient privileges to complete the operation.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 7af83ae6-8be6-c2a3-e994-d09b60ddc167
- Version Independent ID: 70f8a6b9-5cba-2e41-1046-423405782c4c
- Content: az ad app owner
- Content Source: src/azure-cli/azure/cli/command_modules/role/_help.py
- Service: active-directory
- GitHub Login: @rloutlaw
- Microsoft Alias: routlaw
Issue Analytics
- State:
- Created 3 years ago
- Comments:14 (6 by maintainers)
Top GitHub Comments
Hi @markthebault, I am in the process of adding the permission. Found this article: https://docs.microsoft.com/en-us/graph/api/application-post-owners?view=graph-rest-1.0&tabs=http. Seems like it is necessary. @jiasli
Hi guys, I managed to solve the issue. This is the permission that was missing:
You only need the following permissions to do the use-case presented: Azure active directory graphs: