You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
az ad sp create-for-rbac can show the id/objectId of the created service principal.
Additional information
az role assignment create can resolve the id/objectId from appId when the current logged-in account has Graph read permission. If the current logged-in account doesn't have Graph read permission, --assignee-object-id must be specified.
The text was updated successfully, but these errors were encountered:
ghost
added
the
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
label
Jan 17, 2022
Context
The current output of
az ad sp create-for-rbac
only shows theappId
:However,
id
(in MS Graph)/objectId
(in AD Graph) is used when directly calling Role Assignments - Create REST API or granting admin consent (#20792 (comment), #12137 (comment)).Proposal
az ad sp create-for-rbac
can show theid
/objectId
of the created service principal.Additional information
az role assignment create
can resolve theid
/objectId
fromappId
when the current logged-in account has Graph read permission. If the current logged-in account doesn't have Graph read permission,--assignee-object-id
must be specified.The text was updated successfully, but these errors were encountered: