Ability to Grant Permissions via API or Powershell
Azure AD allows you to create app registrations, define roles on them and give permissions to each other (as application identities). This way you can have a Web application talking to your API with its service principal and you can protect your API with roles.
Service Principal creation, role definition and permission assignment can be done through Portal, Powershell and API. But in order to make Application Permissions (which requires admin consent) work, you need someone with Global Administrator role to go to Azure Portal and click Grant Permissions button (or do the same thing via OAuth prompt on your web apps).
Right now there is no way to automatize Grant Permissions and it is a manual process at the moment. We confirmed this with the Microsoft Support and Product Teams as well.
If this can be managed via Powershell or API, we would like to include it in our Automation Runbooks and take the work load off of our security teams.
Harun Legoz
shared this idea
Thank you for the feedback! This is in the backlog and we are looking into this. We don’t have an ETA yet, but we will share once we have one. Please keep voting if this feature matters to you.
7 comments
-
Filip Van Raemdonck
commented
Hi,
Is it possible to do this via powershell already? -
Alex Salter
commented
Please also consider providing a means to grant permissions through az as well.
-
Ben Hatton
commented
As a workaround, a module to invoke REST API has been contributed by Jos Lieben:
[apologies for previous now deleted post, didn't sufficiently read what I was suggesting]
-
anajafi
commented
do we have grant permissions for users via powershell yet?
-
Anonymous
commented
This feature will help us to complete our automation runbooks without any manual intervention.
-
Anonymous
commented
When can we expect Oauth2 grant permissions command through powershell?
-
Sebastian
commented
Still no cmdlet for that?