问题
I'm trying to rewrite powershell script that creates Azure AD application and assigns permission to it. The script is using AzureAD module, I would like to use new Az module, so I can run it on Linux/MacOS.
Creating a new application is easy (New-AzADApplication) but I have a problem with permissions.
Old script is using this code to assign permissions:
#=============Graph Permissions========================
$req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "df021288-bdef-4463-88db-98f22de89214","Role"
$req.ResourceAccess = $acc1
$req.ResourceAppId = "00000003-0000-0000-c000-000000000000" #Microsoft Graph
Set-AzureADApplication -ObjectId $AppObjectId -RequiredResourceAccess $req
But this will not work on Linux/MacOS. Is there any way to do this? If not from powershell than maybe using some other method? The main goal is to run it from Linux.
回答1:
The Azure CLI is easy to get started with and best used for Microsoft's cross-platform command-line experience for managing Azure resources on macOS, Linux, or Windows and run it from the command line.
Your case
In your case you could try with Following CLI command for application permission:
az ad app permission add --api --api-permissions --id [--subscription]
For example
See add a Graph API permission of "Sign in and read user profile" command below:
az ad app permission add --id eeba0b46-78e5-4a1a-a1aa-cafe6c123456 --api 00000002-0000-0000-c000-000000000000 --api-permissions 311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope
Required Parameters
Following parameters required for this permission
--api
The target API to access.
--api-permissions
Space seperated list of =.
--id
Identifier uri, application id, or object id.
For more details CLI command you also could refer here
Note :
To executes above command you must need to install the CLI locally, run it in the browser with Azure Cloud Shell, or run in a Docker container. For installation reference you could see here
Powershell Command
You could find details steps here
I hope this would be helpful what you expected to do. Let's try it out. Thank you!
来源:https://stackoverflow.com/questions/55385802/how-to-give-azure-ad-application-access-to-required-permissions-using-powershell