[Feature Request] az ad sp create-for-rbac can show the id/objectId of the created service principal #21009

Open
jiasli opened this issue Jan 17, 2022 · 1 comment

Comments

Member

jiasli commented Jan 17, 2022

Context

The current output of az ad sp create-for-rbac only shows the appId:

$ az ad sp create-for-rbac --role Reader --scope /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590
{
  "appId": "72366639-0238-4559-b44a-9db41c9a3a4b",
  "displayName": "azure-cli-2022-01-17-06-01-22",
  "password": "xxx",
  "tenant": "54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"
}

However, id (in MS Graph)/objectId (in AD Graph) is used when directly calling the Role Assignments - Create REST API or granting admin consent (#20792 (comment), #12137 (comment)).

Proposal

az ad sp create-for-rbac can show the id/objectId of the created service principal.

Additional information

az role assignment create can resolve the id/objectId from appId when the current logged-in account has Graph read permission. If the current logged-in account doesn't have Graph read permission, --assignee-object-id must be specified.

ghost added the needs-triage label Jan 17, 2022
jiasli self-assigned this Jan 17, 2022
jiasli added the Microsoft Graph and feature-request labels and removed the needs-triage label Jan 17, 2022
yonzhan added this to the Backlog milestone Jan 17, 2022
Collaborator

yonzhan commented Jan 17, 2022

enhance create-for-rbac
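
The workaround this request implies, as an added example that is not part of the original thread or the Azure CLI code base: an account with Graph read permission looks up the object id from the appId once, and the role assignment is then created with --assignee-object-id so no Graph lookup is needed. The function names are hypothetical, and the `id || objectId` query is an assumption that covers both property names mentioned in the issue.

```shell
#!/usr/bin/env bash
# Added example (not Azure CLI project code). Function names are hypothetical.

# Succeed only if $1 has the shape of a GUID.
is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the service principal's object id for a given appId.
# Requires Graph read permission on the logged-in account.
# "id" is the MS Graph property name, "objectId" the AD Graph one.
sp_object_id() {
  local app_id oid
  app_id="$1"
  is_guid "$app_id" || { echo "appId is not a GUID: $app_id" >&2; return 2; }
  oid="$(az ad sp show --id "$app_id" --query 'id || objectId' --output tsv)" \
    || return 1
  # Refuse empty or malformed output rather than passing it downstream.
  is_guid "$oid" || { echo "no object id returned for $app_id" >&2; return 1; }
  printf '%s\n' "$oid"
}

# Create the role assignment by object id. Stating the principal type
# lets the CLI skip resolving the assignee through Graph.
assign_role_by_object_id() {
  local oid role scope
  oid="$1"; role="$2"; scope="$3"
  is_guid "$oid" || { echo "object id is not a GUID: $oid" >&2; return 2; }
  az role assignment create \
    --assignee-object-id "$oid" \
    --assignee-principal-type ServicePrincipal \
    --role "$role" \
    --scope "$scope"
}

# Usage (placeholders, not values from this issue):
#   oid="$(sp_object_id "<appId>")"
#   assign_role_by_object_id "$oid" Reader "/subscriptions/<subscription-id>"
```

Record the object id alongside the appId when the service principal is created, so that an operator who has only role-assignment rights can grant the narrowly scoped role later.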
