Update permissions-grant-via-msgraph.md #9045
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
You will be able to see the new permission at the Enterprise Applications - PermissionsTab Under the App registration it will be Other Permissions add at the end of the list for API permissions tab. In order to move that permission and activate you need to Grant Admin Consent. I was following this guide for python and I found a little bit challenge. So adding the things I believe it would make it more clear 1) The object ID for the SP is to be taken from Enterprise Applications. 2) The user that will pass the credentials to alter the SP must have high permissions to do it so. I was able to do that with one SP added as global administrator and that one given permissions to a second SP. 3) Which libraries for python to be able to use the sample code. This was my personal step by step: 1 Replace the information client_ID and Client_secret with the SP with high permissions. This first step will represent the credential that must have enough permissions for the next step. tenant_id = "Replace with Tenant ID" client_id = "Replace with Service Principal ID that has high permissions" client_secret = "Replace with secret from the SP that has high permissions" 6.2 The next step you will replace with the Service Principal that you will change the permissions. For example adding those 2 permissions. You will use the Object ID as Client_ID that you got from the Enterprise Applications: • User.Read.All • User.ReadWrite.All In the code context: • Resource ID is the Microsoft Graph ID that • Client_ID is the Object ID from Enterprise Application • App Role id is the ID of the role that you want to change
|
Learn Build status updates of commit 1d02cd4: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
@FaithOmbongi , can you please take a look at this PR and approve? |
FaithOmbongi
added
the
area: Entra
FaithOmbongi
added
the
area: app model
FaithOmbongi
approved these changes
Jan 25, 2024
There was a problem hiding this comment.
Thank you @LiliamLeme for this useful contribution. I've made a few edits and also removed the note "> [!IMPORTANT]
The Service Principal that will be used for the Credentials Authentication must have enough authority to be able to add or remove permissions."
because this requirement is mentioned as the second requirement the prerequisites. Hope this is in order.
FaithOmbongi
added
content review complete
|
Learn Build status updates of commit a9fc663: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Learn Build status updates of commit b31a990: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
You will be able to see the new permission at the Enterprise Applications - PermissionsTab Under the App registration it will be Other Permissions add at the end of the list for API permissions tab. In order to move that permission and activate you need to Grant Admin Consent.
I was following this guide for python and I found a little bit challenge. So adding the things I believe it would make it more clear 1) The object ID for the SP is to be taken from Enterprise Applications.
This was my personal step by step:
1 Replace the information client_ID and Client_secret with the SP with high permissions. This first step will represent the credential that must have enough permissions for the next step.
tenant_id = "Replace with Tenant ID"
client_id = "Replace with Service Principal ID that has high permissions" client_secret = "Replace with secret from the SP that has high permissions"
6.2 The next step you will replace with the Service Principal that you will change the permissions. For example adding those 2 permissions. You will use the Object ID as Client_ID that you got from the Enterprise Applications: • User.Read.All
• User.ReadWrite.All
In the code context:
• Resource ID is the Microsoft Graph ID that
• Client_ID is the Object ID from Enterprise Application • App Role id is the ID of the role that you want to change