Hi,
I am using Azure AD Graph API to manage Azure applications.
When trying to assign an application's appRole to a user using API https://graph.windows.net/<TenantID>/servicePrincipals/<ServicePrincipalID>/appRoleAssignments?api-version=1.6, it fails with 403 and response is as below. Even though the API fails, the app role gets assigned to user.
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
The same API works fine with Azure AD Graph Explorer.
The DELETE operation to remove appRoleAssignments works fine without any issues.
Does it need any specific privileges to assign appRole?
Any help on this is appreciated.
Thanks,
Ishwar
I am using Azure AD Graph API to manage Azure applications.
When trying to assign an application's appRole to a user using API https://graph.windows.net/<TenantID>/servicePrincipals/<ServicePrincipalID>/appRoleAssignments?api-version=1.6, it fails with 403 and response is as below. Even though the API fails, the app role gets assigned to user.
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
The same API works fine with Azure AD Graph Explorer.
The DELETE operation to remove appRoleAssignments works fine without any issues.
Does it need any specific privileges to assign appRole?
Any help on this is appreciated.
Thanks,
Ishwar