Get-EntraServicePrincipalDelegatedPermissionClassification

Retrieve the delegated permission classification objects on a service principal.

Syntax

Get-EntraServicePrincipalDelegatedPermissionClassification
   -ServicePrincipalId <String>
   [-Filter <String>]
   [-Property <String[]>]
   [<CommonParameters>]

Get-EntraServicePrincipalDelegatedPermissionClassification
   -ServicePrincipalId <String>
   -Id <String>
   [-Property <String[]>]
   [<CommonParameters>]

Description

The Get-EntraServicePrincipalDelegatedPermissionClassification cmdlet retrieves the delegated permission classifications from a service principal.

Examples

Example 1: Get a list of delegated permission classifications

Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'"
$params = @{
  ServicePrincipalId = $servicePrincipal.ObjectId
}
Get-EntraServicePrincipalDelegatedPermissionClassification @params

Id                      Classification PermissionId                         PermissionName
--                      -------------- ------------                         --------------
bbbbbbbb-7777-8888-9999-cccccccccccc low            eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All
cccccccc-8888-9999-0000-dddddddddddd low            dddd3333-ee44-5555-66ff-777777aaaaaa profile

This command retrieves all delegated permission classifications from the service principal.

  • -ServicePrincipalId parameter specifies the unique identifier of a service principal. Use Get-EntraServicePrincipal to get more details.

Example 2: Get a delegated permission classification

Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'"
$params = @{
  ServicePrincipalId = $servicePrincipal.ObjectId
  Id = '5XBeIKarUkypdm0tRsSAQwE'
}
Get-EntraServicePrincipalDelegatedPermissionClassification @params

Id                      Classification PermissionId                         PermissionName
--                      -------------- ------------                         --------------
bbbbbbbb-7777-8888-9999-cccccccccccc low            eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All

This command retrieves the delegated permission classification by Id from the service principal.

  • -ServicePrincipalId parameter specifies the unique identifier of a service principal. Use Get-EntraServicePrincipal to get more details.
  • -Id parameter specifies the delegated permission classification object Id.

Example 3: Get a delegated permission classification with filter

Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'"
$params = @{
  ServicePrincipalId = $servicePrincipal.ObjectId
  Filter = "PermissionName eq 'Sites.Read.All'"
}
Get-EntraServicePrincipalDelegatedPermissionClassification @params

Id                      Classification PermissionId                         PermissionName
--                      -------------- ------------                         --------------
bbbbbbbb-7777-8888-9999-cccccccccccc low            eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All

This command retrieves the filtered delegated permission classifications from the service principal.

  • -ServicePrincipalId parameter specifies the unique identifier of a service principal. Use Get-EntraServicePrincipal to get more details.
  • -Filter parameter specifies the OData v4.0 filter statement that controls which objects are returned.
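
Delegated permission classifications feed user-consent policies, so the set of classified permissions is worth comparing against an approved baseline. The following is an added example, not part of the original cmdlet documentation: the function Find-UnapprovedClassification and the baseline list are hypothetical, and the sample objects are constructed to mirror the output shown in Example 1.

```powershell
# Added example: flag classified delegated permissions that are not in an approved baseline.
# Find-UnapprovedClassification and $baseline are hypothetical names chosen for illustration.
function Find-UnapprovedClassification {
    [CmdletBinding()]
    param(
        # Objects shaped like the cmdlet output: Id, Classification, PermissionId, PermissionName
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Classification,

        # Delegated permission names the organisation has approved for classification
        [Parameter(Mandatory)]
        [string[]] $ApprovedPermission
    )
    process {
        # -notcontains is case-insensitive; an empty PermissionName is also reported
        if ($ApprovedPermission -notcontains $Classification.PermissionName) {
            [pscustomobject]@{
                Id             = $Classification.Id
                Classification = $Classification.Classification
                PermissionId   = $Classification.PermissionId
                PermissionName = $Classification.PermissionName
                Finding        = 'Classified but not in approved baseline'
            }
        }
    }
}

# Constructed sample input mirroring the output of Example 1 (placeholder GUIDs)
$sample = @(
    [pscustomobject]@{ Id = 'bbbbbbbb-7777-8888-9999-cccccccccccc'; Classification = 'low'
        PermissionId = 'eeeeeeee-4444-5555-6666-ffffffffffff'; PermissionName = 'Sites.Read.All' }
    [pscustomobject]@{ Id = 'cccccccc-8888-9999-0000-dddddddddddd'; Classification = 'low'
        PermissionId = 'dddd3333-ee44-5555-66ff-777777aaaaaa'; PermissionName = 'profile' }
)

# Assumed baseline: adjust to the permissions your organisation has approved
$baseline = 'openid', 'profile', 'email', 'offline_access', 'User.Read'

$sample | Find-UnapprovedClassification -ApprovedPermission $baseline | Format-Table

# Live use, after Connect-Entra -Scopes 'Application.Read.All' and the lookup from Example 1:
# Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $servicePrincipal.ObjectId |
#     Find-UnapprovedClassification -ApprovedPermission $baseline
```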

Parameters

-Filter

The OData v4.0 filter statement. Controls which objects are returned.

Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

-Id

The unique identifier of a delegated permission classification object.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-Property

Specifies properties to be returned.

Type: System.String[]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-ServicePrincipalId

The unique identifier of a service principal object in Microsoft Entra ID.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

Outputs

Microsoft.Online.Administration.DelegatedPermissionClassification