2,525 questions
Hi Team,
I was able to resolve the issue with adding CAA Role for my App registration, please consider this question as closed
Unable to create azure ad app registration password (secret) via service conection Azure devops
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 7.000000000000001%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENC%3C/text%3E%3C/svg%3E)
Namith Chandran
0
Reputation points
Hi MS Team,
Unable to create azure ad app registration secret via service connection Azure devops & Terraform . I have a App registration with Owner / Contributor RBAC, MS Graph API permission as below.
But still I receive below Error. Could you please help me on this?
│ Error: Adding password for Application (Application: "9a0ff7ae-2aec-xxxxxxxxxxx")
│
│ with azuread_application_password.my_app_secret,
│ on main.tf line 17, in resource "azuread_application_password" "my_app_secret":
│ 17: resource "azuread_application_password" "my_app_secret" {
│
│ unexpected status 403 (403 Forbidden) with error:
│ Authorization_RequestDenied: Insufficient privileges to complete the
│ operation.
| Application.Read.All | Delegated | Read applications | Yes | Granted for Default Directory | |
|---|---|---|---|---|---|
| Application.Read.All | Delegated | Read applications | Yes | Granted for Default Directory | |
| Application.ReadWrite.All | Delegated | Read and write all applications | Yes | Granted for Default Directory | |
| Application.ReadWrite.OwnedBy | Application | Manage apps that this app creates or owns | Yes | Granted for Default Directory | |
| Directory.ReadWrite.All | Delegated | Read and write directory data | Yes | Granted for Default Directory | |
| Group.Create | Application | Create groups | Yes | Granted for Default Directory | |
| Group.Read.All | Delegated | Read all groups | Yes | Granted for Default Directory | |
| Group.ReadWrite.All | Delegated | Read and write all groups | Yes | Granted for Default Directory | |
| Group.ReadWrite.All | Application | Read and write all groups | Yes | Granted for Default Directory | |
| PrivilegedAccess.Read.AzureADGroup | Delegated | Read privileged access to Azure AD groups | Yes | Granted for Default Directory | |
| PrivilegedAccess.ReadWrite.AzureADGroup | Delegated | Read and write privileged access to Azure AD groups | Yes | Granted for Default Directory | |
| User.Read | Delegated | Sign in and read user profile | No | Granted for Default Directory | |
| User.ReadWrite.All |