| external help file | Az.Resources-help.xml |
|---|---|
| Module Name | Az.Resources |
| online version | https://learn.microsoft.com/powershell/module/az.resources/add-azadapppermission |
| schema | 2.0.0 |
| content_git_url | https://github.com/Azure/azure-powershell/blob/main/src/Resources/Resources/help/Add-AzADAppPermission.md |
| original_content_git_url | https://github.com/Azure/azure-powershell/blob/main/src/Resources/Resources/help/Add-AzADAppPermission.md |
Adds an API permission.
Add-AzADAppPermission -ApiId <Guid> -PermissionId <String> -ObjectId <Guid> [-Type <String>]
[-DefaultProfile <PSObject>] [-WhatIf] [-Confirm] [<CommonParameters>]
Add-AzADAppPermission -ApiId <Guid> -PermissionId <String> [-Type <String>] -ApplicationId <Guid>
[-DefaultProfile <PSObject>] [-WhatIf] [-Confirm] [<CommonParameters>]
Adds an API permission. The list of available permissions of API is property of application represented by service principal in tenant.
For instance, to get available permissions for Graph API:
- Azure Active Directory Graph:
Get-AzAdServicePrincipal -ApplicationId 00000002-0000-0000-c000-000000000000 - Microsoft Graph:
Get-AzAdServicePrincipal -ApplicationId 00000003-0000-0000-c000-000000000000
Application permissions under the appRoles property correspond to Role in -Type.
Delegated permissions under the oauth2Permissions property correspond to Scope in -Type.
User needs to grant consent via Azure Portal if the permission requires admin consent because Azure PowerShell doesn't support it yet.
Add-AzADAppPermission -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -ApiId 00000003-0000-0000-c000-000000000000 -PermissionId 5f8c59db-677d-491f-a6b8-5f174b11ec1dAdd delegated permission "Group.Read.All" of Microsoft Graph API to AD Application (aaaabbbb-0000-cccc-1111-dddd2222eeee)
Add-AzADAppPermission -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -ApiId 00000003-0000-0000-c000-000000000000 -PermissionId 1138cb37-bd11-4084-a2b7-9f71582aeddb -Type RoleAdd application permission "Device.ReadWrite.All" of Microsoft Graph API to AD Application (aaaabbbb-0000-cccc-1111-dddd2222eeee)
The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.
Type: System.Guid
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe application Id.
Type: System.Guid
Parameter Sets: AppIdParameterSet
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe credentials, account, tenant, and subscription used for communication with Azure.
Type: System.Management.Automation.PSObject
Parameter Sets: (All)
Aliases: AzContext, AzureRmContext, AzureCredential
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe unique identifier in Azure AD.
Type: System.Guid
Parameter Sets: ObjectIdParameterSet
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThe unique identifier for one of the oauth2PermissionScopes or appRole instances that the resource application exposes.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecifies whether the id property references an oauth2PermissionScopes(Scope, delegated permission) or an appRole(Role, application permission).
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalsePrompts you for confirmation before running the cmdlet.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseShows what would happen if the cmdlet runs. The cmdlet is not run.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.