Skip to content

Latest commit

 

History

History
193 lines (148 loc) · 5.08 KB

File metadata and controls

193 lines (148 loc) · 5.08 KB
external help file Az.Resources-help.xml
Module Name Az.Resources
online version https://learn.microsoft.com/powershell/module/az.resources/add-azadapppermission
schema 2.0.0
content_git_url https://github.com/Azure/azure-powershell/blob/main/src/Resources/Resources/help/Add-AzADAppPermission.md
original_content_git_url https://github.com/Azure/azure-powershell/blob/main/src/Resources/Resources/help/Add-AzADAppPermission.md

Add-AzADAppPermission

SYNOPSIS

Adds an API permission.

SYNTAX

ObjectIdParameterSet (Default)

Add-AzADAppPermission -ApiId <Guid> -PermissionId <String> -ObjectId <Guid> [-Type <String>]
 [-DefaultProfile <PSObject>] [-WhatIf] [-Confirm] [<CommonParameters>]

AppIdParameterSet

Add-AzADAppPermission -ApiId <Guid> -PermissionId <String> [-Type <String>] -ApplicationId <Guid>
 [-DefaultProfile <PSObject>] [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

Adds an API permission. The list of available permissions of API is property of application represented by service principal in tenant.

For instance, to get available permissions for Graph API:

  • Azure Active Directory Graph: Get-AzAdServicePrincipal -ApplicationId 00000002-0000-0000-c000-000000000000
  • Microsoft Graph: Get-AzAdServicePrincipal -ApplicationId 00000003-0000-0000-c000-000000000000

Application permissions under the appRoles property correspond to Role in -Type. Delegated permissions under the oauth2Permissions property correspond to Scope in -Type.

User needs to grant consent via Azure Portal if the permission requires admin consent because Azure PowerShell doesn't support it yet.

EXAMPLES

Example 1: Add API Permission

Add-AzADAppPermission -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -ApiId 00000003-0000-0000-c000-000000000000 -PermissionId 5f8c59db-677d-491f-a6b8-5f174b11ec1d

Add delegated permission "Group.Read.All" of Microsoft Graph API to AD Application (aaaabbbb-0000-cccc-1111-dddd2222eeee)

Example 2: Add API Permission

Add-AzADAppPermission -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -ApiId 00000003-0000-0000-c000-000000000000 -PermissionId 1138cb37-bd11-4084-a2b7-9f71582aeddb -Type Role

Add application permission "Device.ReadWrite.All" of Microsoft Graph API to AD Application (aaaabbbb-0000-cccc-1111-dddd2222eeee)

PARAMETERS

-ApiId

The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.

Type: System.Guid
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ApplicationId

The application Id.

Type: System.Guid
Parameter Sets: AppIdParameterSet
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type: System.Management.Automation.PSObject
Parameter Sets: (All)
Aliases: AzContext, AzureRmContext, AzureCredential

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ObjectId

The unique identifier in Azure AD.

Type: System.Guid
Parameter Sets: ObjectIdParameterSet
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PermissionId

The unique identifier for one of the oauth2PermissionScopes or appRole instances that the resource application exposes.

Type: System.String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Type

Specifies whether the id property references an oauth2PermissionScopes(Scope, delegated permission) or an appRole(Role, application permission).

Type: System.String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

System.Boolean

NOTES

RELATED LINKS