Share via

Needed permissions to create appRoleAssignment for an user

Francisco Javier Gomariz Abril 0 Reputation points Microsoft Employee
2025-02-22T14:05:01.0466667+00:00

I am trying to create an appRoleAssignment for an user. I see the same behavior using Microsoft Graph, the API or the Graph client. It works using Entra portal.

I have consented AppRoleAssignment.ReadWrite.All permission in Graph:
User's image

I am using the endpoint:

https://graph.microsoft.com/v1.0/users/{user-id}/appRoleAssignments

And the body and response are:

{
    "resourceId": "identifier of application with app roles",
    "appRoleId": "identifier of the app role",
    "principalId": "user-id"
}

And the response is:

{
    "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
            ...
        }
    }
}

Am I missing something? Is the permission correct?

Thank you.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,113 questions
0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.