[英]How to give Azure AD application access to required permissions using powershell Az module
I'm trying to rewrite powershell script that creates Azure AD application and assigns permission to it.我正在尝试重写创建 Azure AD 应用程序并为其分配权限的 powershell 脚本。 The script is using AzureAD module, I would like to use new Az module, so I can run it on Linux/MacOS.该脚本使用 AzureAD 模块,我想使用新的 Az 模块,因此我可以在 Linux/MacOS 上运行它。
Creating a new application is easy (New-AzADApplication) but I have a problem with permissions.创建新应用程序很容易 (New-AzADApplication),但我有权限问题。
Old script is using this code to assign permissions:旧脚本使用此代码分配权限:
#=============Graph Permissions========================
$req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "df021288-bdef-4463-88db-98f22de89214","Role"
$req.ResourceAccess = $acc1
$req.ResourceAppId = "00000003-0000-0000-c000-000000000000" #Microsoft Graph
Set-AzureADApplication -ObjectId $AppObjectId -RequiredResourceAccess $req
But this will not work on Linux/MacOS.但这不适用于 Linux/MacOS。 Is there any way to do this?有没有办法做到这一点? If not from powershell than maybe using some other method?如果不是来自powershell,那么也许使用其他方法? The main goal is to run it from Linux.主要目标是从 Linux 运行它。
The Azure CLI is easy to get started with and best used for Microsoft's cross-platform command-line experience for managing Azure resources on macOS, Linux, or Windows and run it from the command line. Azure CLI易于上手,最适合 Microsoft 的跨平台命令行体验,用于管理 macOS、Linux 或 Windows 上的 Azure 资源并从命令行运行它。
Your case你的情况
In your case you could try with Following CLI command for application permission:在您的情况下,您可以尝试使用以下 CLI 命令获取应用程序权限:
az ad app permission add --api --api-permissions --id [--subscription] az 广告应用权限添加 --api --api-permissions --id [--subscription]
For example例如
See add a Graph API permission of " Sign in and read user profile " command below:请参阅下面添加“ 登录并读取用户配置文件”命令的图形 API 权限:
az ad app permission add --id eeba0b46-78e5-4a1a-a1aa-cafe6c123456 --api 00000002-0000-0000-c000-000000000000 --api-permissions 311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope
Required Parameters所需参数
Following parameters required for this permission此权限所需的以下参数
--api --api
The target API to access.要访问的目标 API。
--api-permissions --api-权限
Space seperated list of =. = 的空格分隔列表。
--id - ID
Identifier uri, application id, or object id.标识符 uri、应用程序 id 或对象 id。
For more details CLI command you also could refer here有关 CLI 命令的更多详细信息,您也可以参考此处
Note :笔记 :
To executes above command you must need to install the CLI locally, run it in the browser with Azure Cloud Shell, or run in a Docker container.要执行上述命令,您必须在本地安装 CLI,使用 Azure Cloud Shell 在浏览器中运行它,或在 Docker 容器中运行。 For installation reference you could see here有关安装参考,您可以在此处查看
You could find details steps here您可以在此处找到详细步骤
I hope this would be helpful what you expected to do.我希望这对您期望做的事情有所帮助。 Let's try it out.让我们试试看。 Thank you!谢谢!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.