Skip to main content
Version: 2.112.0

Grant-EasyAppPermissions

SYNOPSIS

Grant reqiured Graph API permissions to service principals.

SYNTAX

Grant-EasyAppPermissions [-ServicePrincipalId] <Guid> [[-AppRoles] <String[]>] [-WhatIf] [-Confirm]
[<CommonParameters>]

DESCRIPTION

This function uses New-MgServicePrincipalAppRoleAssignedTo to assign all required application permissions for the EasyLife365.Collaboration module to a service principal in your Entra ID. You can use this function to grant required permissions to managed identities of Azure Automation Accounts for Function Apps that run the EasyLife365.Collabotration powershell module and use Connect-EasyLife365 -Identity to sign in.

EXAMPLES

EXAMPLE 1

Grant-EasyAppPermissions -ServicePrincipalId da9ea79a-55d4-463f-b1a2-4b5ab1060909

This example grants the application permissions User.Read.All, Group.Read.All, Team.ReadBasic.All to the service principal with the id da9ea79a-55d4-463f-b1a2-4b5ab1060909.

EXAMPLE 2

Grant-EasyAppPermissions -ServicePrincipalId da9ea79a-55d4-463f-b1a2-4b5ab1060909 -AppRoles Write

This example grants the application permissions User.ReadWrite.All, Group.ReadWrite.All, Team.ReadBasic.All to the service principal with the id da9ea79a-55d4-463f-b1a2-4b5ab1060909.

EXAMPLE 3

Grant-EasyAppPermissions -ServicePrincipalId da9ea79a-55d4-463f-b1a2-4b5ab1060909 -AppRoles 'User.ReadWrite.All', 'Group.ReadWrite.All', 'Team.ReadBasic.All', 'Application.Read.All

This example grants a custom set of application permissions to the service principal with the id da9ea79a-55d4-463f-b1a2-4b5ab1060909.

PARAMETERS

-ServicePrincipalId

Use this parameter to specify the object id of the service principal that will be granted permissions.

Type: Guid
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AppRoles

Use this parameter to specify which application permissions shall be granted to the service principal. Use 'Read' to grant User.Read.All, Group.Read.All, Team.ReadBasic.All. Use 'Write' to grant User.ReadWrite.All, Group.ReadWrite.All, Team.ReadBasic.All. Use a custom set of permissions by specifying the name of each application permission like this: 'Group.ReadWrite.All', 'Team.ReadBasic.All'.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: Read
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

None. You cannot pipe values to this cmdlet.

OUTPUTS

[MicrosoftGraphAppRoleAssignment] This function returns object of the type MicrosoftGraphAppRoleAssignment.

NOTES

This function requires the scopes AppRoleAssignment.ReadWrite.All and Application.Read.All only during setup. These application permissions will not be granted to the service principal. You can find the ServicePrincipalId in the Identity tab of the Automation Account or Function App in the Entra ID Portal.

https://docs.easylife365.cloud/docs/add-ons/powershell/grant-easyapppermissions/