Tiju John
Reputation: 1180
azure cli equivalent of Add-AzureADDirectoryRoleMember
I am trying to assign Azure AD Roles (not Azure roles) e.g. Directory Writers to a service principal.
The only documentation i found was using powershell at https://learn.microsoft.com/en-us/powershell/module/azuread/add-azureaddirectoryrolemember?view=azureadps-2.0 and command Add-AzureADDirectoryRoleMember
I am looking for and azure cli version of the same. Does it exist?
an example would also be nice, say
ApplicationId: 3213b664-175c-46ca-944b-247c58abcda5
Object ID: c79e0a39-44cd-475c-8bc4-1f679f85afdd
Directory Writers: 9360feb5-f418-4baa-8175-e2a00bac4301
Thanks.
Upvotes: 2
Views: 598
Answers (1)
Allen Wu
Reputation: 16438
There is not a built-in cmd in Azure CLI to assign AAD directory role.
Here is a workaround which uses Microsoft Graph API (reference here).
$Body = @{
"roleDefinitionId" = "{directory role id}";
"principalId" = "{service principal object id}";
"directoryScopeId" = "/"
} | ConvertTo-Json -Compress
$Body = $Body.Replace('"', '\"')
az rest -m post -u "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments" -b "$Body"
For how to get the {directory role id}, you can also use Microsoft Graph API List directoryRoles with a filter.
Upvotes: 3
Related Questions
- Add members to Azure Enterprise App through CLI
- Add Azure AD users to Azure AD groups
- Add AzureAD users to AzureAD group
- How to set user assigned identity with Azure Powershell (not az cli)?
- Add Azure group member from on perm AD powershell script
- Trying to find Azure CLI Equivalent of New-AzureADGroupAppRoleAssignment
- C# console app AzureAD how to mimic powershell's Get-AzureADUser
- How to add application to Azure AD programmatically?
- How do I add a Microsoft account to Azure Active Directory?
- AAD PowerShell v2 Add-MsolRoleMember equivalent