Question
I'm using a service principal as the login item for Azure CLI. The role of this service principal is "owner".
I'm trying to run:
az ad app list
and
az ad app create --display-name "Test application 2"
and getting this error:
Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.
What role should I assign to this service principal?
Answer 1:
Your service principal is missing permissions related to reading and writing applications in Azure AD.
- Go to your Azure AD, "Registered applications"
- Find your service principal (you may need to look at all applications instead of just mine)
- Add required permissions as shown below:
Once you've selected the right permissions and are done, please click on "Grant Permissions", because these permissions need admin consent.
Source: https://stackoverflow.com/questions/53009509/service-principal-privileges-for-app-registration-creation
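
An added example, not part of the original answer: once admin consent is granted, the application permissions show up in the "roles" claim of the service principal's app-only token, while an Azure RBAC role such as Owner does not, so decoding the token shows whether the fix took effect. The permission names are assumptions (Microsoft Graph names; the answer's screenshot is not on this page), and the sample tokens are constructed.

```python
import base64
import json

# Assumed permission names (Microsoft Graph application permissions); the
# screenshot that listed the answer's exact permissions is not on the page.
CREATE_APP = {"Application.ReadWrite.All", "Application.ReadWrite.OwnedBy"}
LIST_APPS = CREATE_APP | {"Application.Read.All"}


def jwt_claims(token):
    """Decode the payload of a JWT without verifying it (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def directory_access(token):
    """Report which app-registration operations the token's roles allow."""
    roles = set(jwt_claims(token).get("roles", []))  # consented app permissions
    return {
        "roles": sorted(roles),
        "can_list_apps": bool(roles & LIST_APPS),
        "can_create_apps": bool(roles & CREATE_APP),
    }


def make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed samples: the same principal before consent (an RBAC Owner
# assignment adds nothing to the roles claim) and after admin consent.
BEFORE = make_token({"appid": "00000000-0000-0000-0000-000000000001"})
AFTER = make_token({"appid": "00000000-0000-0000-0000-000000000001",
                    "roles": ["Application.ReadWrite.All"]})

if __name__ == "__main__":
    print("before consent:", directory_access(BEFORE))
    print("after consent: ", directory_access(AFTER))
```

To check a real principal, pass the accessToken value returned by az account get-access-token --resource https://graph.microsoft.com while logged in as the service principal.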