CODEWITHSUNDEEP
azureazure-active-directoryazure-ad-graph-api
treasa
treasa

Reputation: 25

Create a new role assignment for an enterprise application using Graph beta version

I am trying to create role assignments for an enterprise application using Graph api beta version .

I am following Microsoft document to do the same

https://learn.microsoft.com/en-us/graph/api/serviceprincipal-post-approleassignments?view=graph-rest-beta&tabs=http

Error:

This is the error I am getting while checking :

Write requests are only supported on contained entities

I tried the same using the Azure AD Graph also(graph.windows.net) and I am able to achieve the following.

{
  "error": {
    "code": "BadRequest",
    "message": "Write requests are only supported on contained entities",
    "innerError": {
      "request-id": "f8b80735-c516-4a65-9f42-2b3088f2951a",
      "date": "2019-07-30T09:23:13"
    }
  }
}

Upvotes: 1

Views: 176

Answers (1)

Joy Wang
Joy Wang

Reputation: 42063

I can reproduce your issue via Microsoft Graph API, not sure what causes the issue. Also, it is a Beta version, I don't recommend you to use it in your production environment.

The Azure AD Graph API works for me, you could refer to the request sample as below.

Note: The id is the role id which was declared by the target resource application resourceId in its appRoles property. My sample application does not declare any permissions, so I specify a default id (zero GUID 00000000-0000-0000-0000-000000000000).

POST https://graph.windows.net/myorganization/servicePrincipals/<objetc id of the service principal>/appRoleAssignments?api-version=1.6 

{
    "id":"00000000-0000-0000-0000-000000000000",
    "principalId":"<object id of the user/group/service principal being granted the access>",
    "resourceId":"<objetc id of the service principal which the assignment was made>"

}

enter image description here

Upvotes: 0

Related Questions