
How to set correct privileges to use Python Azure SDK for Graph?

I am trying to add a reply_url programmatically to an Azure app registration, but I receive a GraphErrorException: Insufficient privileges to complete the operation.

Problem is I don't understand which privileges my app registration needs.

Basically I am using the credentials of the app registration to change its own reply_urls.

The privileges set are User.Read and Application.ReadWrite.OwnedBy. Both granted.

Which one am I missing? And how can I find out?

This is the SDK I am using: azure-graphrbac==0.61.1

My code looks like this:

from typing import List

from azure.graphrbac import GraphRbacManagementClient
from azure.graphrbac.models import ApplicationUpdateParameters
from msrestazure.azure_active_directory import ServicePrincipalCredentials


class GraphClient:
    def __init__(self, client_id, client_secret, tenant_id, object_id):
        # The token is requested for the Azure AD Graph resource (graph.windows.net).
        self._credentials = ServicePrincipalCredentials(
            client_id=client_id,
            secret=client_secret,
            tenant=tenant_id,
            resource="https://graph.windows.net"
        )
        self._graph_client = GraphRbacManagementClient(
            credentials=self._credentials,
            tenant_id=tenant_id
        )
        # applications.get() takes the application's object ID (not the app/client ID).
        self._application = self._graph_client.applications.get(object_id)

    def get_reply_urls(self) -> List[str]:
        # reply_urls is None when the registration has no redirect URIs yet.
        return self._application.reply_urls or []

    def add_reply_url(self, reply_url) -> None:
        reply_urls: list = self.get_reply_urls()
        # applications.patch() also takes the object ID; app_id is the client ID
        # and would not be found by this call.
        self._graph_client.applications.patch(
            self._application.object_id,
            ApplicationUpdateParameters(
                reply_urls=[
                    *reply_urls,
                    reply_url]
            )
        )

EDIT: Added permissions screenshot

If you use Microsoft Graph, the resource should be: https://graph.microsoft.com

If you use Azure AD Graph, the resource should be: https://graph.windows.net

According to your code, the resource is https://graph.windows.net, so it requests the Azure AD Graph API in the backend. So we need to add the permissions of Azure AD Graph, not Microsoft Graph.

The screenshot you provided shows you added the permission Application.ReadWrite.OwnedBy of Microsoft Graph but not Azure AD Graph. So please remove it and add the same permission which belongs to Azure AD Graph.

Then don't forget to grant admin consent for it.


Hope it helps~
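As an added diagnostic example (not part of the question or of the answer above), the following Python decodes an access token your client obtained and reports whether its audience matches the resource the SDK calls and whether the application permission appears in the token's roles claim, which is exactly the mismatch the answer describes. The GRAPH_AUDIENCES values are the public resource URIs and well-known app IDs of the two Graph APIs; make_unsigned_token builds a constructed, unsigned token only so the checker can be exercised offline.

```python
import base64
import json
from typing import Dict, List
# Audience values a Graph token may carry: the resource URI or the API's well-known app ID.
GRAPH_AUDIENCES = {
    "Azure AD Graph": {"https://graph.windows.net", "00000002-0000-0000-c000-000000000000"},
    "Microsoft Graph": {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"},
}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_jwt_claims(token: str) -> Dict:
    """Payload claims of a JWT, read without signature verification.
    Only for locally inspecting a token that was issued to our own client."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))

def graph_api_for_audience(aud: str) -> str:
    aud = aud.rstrip("/")  # Azure AD Graph tokens often carry a trailing slash
    for api, values in GRAPH_AUDIENCES.items():
        if aud in values:
            return api
    return "unknown API"

def check_graph_token(token: str, resource: str, required_role: str) -> List[str]:
    """Return human-readable problems; an empty list means the token should satisfy
    a call to `resource` that needs the application permission `required_role`."""
    claims = decode_jwt_claims(token)
    problems = []
    got_api = graph_api_for_audience(str(claims.get("aud", "")))
    want_api = graph_api_for_audience(resource)
    if got_api != want_api:
        problems.append(f"token audience is for {got_api}, but the SDK calls {want_api}")
    roles = claims.get("roles", [])  # application permissions show up in 'roles'
    if required_role not in roles:
        problems.append(f"{required_role} missing from roles {roles}: add it under the "
                        f"{want_api} API in the portal and grant admin consent")
    return problems

def make_unsigned_token(claims: Dict) -> str:
    """Constructed, unsigned JWT (alg 'none') used only to exercise the checker offline."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."
```

To inspect a real token, pass `self._credentials.token["access_token"]` from the question's GraphClient to check_graph_token together with the same resource string and the permission name.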
