Get-MgServicePrincipalAppRoleAssignment
Read the properties and relationships of an appRoleAssignment object.
Note
To view the beta release of this cmdlet, view Get-MgBetaServicePrincipalAppRoleAssignment
Syntax
Get-MgServicePrincipalAppRoleAssignment
-ServicePrincipalId <String>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
[-Search <String>]
[-Skip <Int32>]
[-Sort <String[]>]
[-Top <Int32>]
[-ConsistencyLevel <String>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PageSize <Int32>]
[-All]
[-CountVariable <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Get-MgServicePrincipalAppRoleAssignment
-AppRoleAssignmentId <String>
-ServicePrincipalId <String>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Get-MgServicePrincipalAppRoleAssignment
-InputObject <IApplicationsIdentity>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Description
Read the properties and relationships of an appRoleAssignment object.
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | Application.Read.All | Application.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Application.Read.All | Application.ReadWrite.All, Application.ReadWrite.OwnedBy, Directory.Read.All, Directory.ReadWrite.All |
Examples
Example 1: Get all application role assignments for a service principal
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId '0bdb123d-b8a7-4cc9-8cc2-bd17bad06f61' | Format-List
AppRoleId : 00000000-0000-0000-0000-000000000000
CreatedDateTime : 8/31/2021 2:01:28 PM
DeletedDateTime :
Id : PRLbC6e4yUyMwr0XutBvYfZHkKGzlbxDr2I-QJWN9rs
PrincipalDisplayName : Example App
PrincipalId : 0bdb123d-b8a7-4cc9-8cc2-bd17bad06f61
PrincipalType : ServicePrincipal
ResourceDisplayName : Office 365 Management APIs
ResourceId : 557aedfc-007c-4904-918a-7e6fed2e7403
AdditionalProperties : {[@odata.id, https://graph.microsoft.com/v2/fb625e04-52aa-42da-b10d-14f1195d665f/directoryObjects/$/Microsof
t.DirectoryServices.ServicePrincipal('0bdb123d-b8a7-4cc9-8cc2-bd17bad06f61')/appRoleAssignments/PRLbC6e4yUyM
wr0XutBvYfZHkKGzlbxDr2I-QJWN9rs]}
AppRoleId : 00000000-0000-0000-0000-000000000000
CreatedDateTime : 8/31/2021 1:59:44 PM
DeletedDateTime :
Id : PRLbC6e4yUyMwr0XutBvYZsr7FiAW3pIqP4F9944yBc
PrincipalDisplayName : Example App
PrincipalId : 0bdb123d-b8a7-4cc9-8cc2-bd17bad06f61
PrincipalType : ServicePrincipal
ResourceDisplayName : Office 365 SharePoint Online
ResourceId : 1c48f923-4fbb-4d37-b772-4d577eefec9e
AdditionalProperties : {[@odata.id, https://graph.microsoft.com/v2/fb625e04-52aa-42da-b10d-14f1195d665f/directoryObjects/$/Microsof
t.DirectoryServices.ServicePrincipal('0bdb123d-b8a7-4cc9-8cc2-bd17bad06f61')/appRoleAssignments/PRLbC6e4yUyM
wr0XutBvYZsr7FiAW3pIqP4F9944yBc]}
This example gets the application role assignments that have been granted to the specified service principal.
Parameters
-All
List all pages.
Type: | SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AppRoleAssignmentId
The unique identifier of appRoleAssignment
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ConsistencyLevel
Indicates the requested consistency level. Documentation URL: https://docs.microsoft.com/graph/aad-advanced-queries
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CountVariable
Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.
Type: | String |
Aliases: | CV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExpandProperty
Expand related entities
Type: | String[] |
Aliases: | Expand |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Filter
Filter items by property values
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
Type: | IDictionary |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | IApplicationsIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-PageSize
Sets the page size of results.
Type: | Int32 |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
Type: | ActionPreference |
Aliases: | proga |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Property
Select properties to be returned
Type: | String[] |
Aliases: | Select |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
Type: | String |
Aliases: | RHV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Search
Search items by search phrases
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ServicePrincipalId
The unique identifier of servicePrincipal
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Skip
Skip the first n items
Type: | Int32 |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Sort
Order items by property values
Type: | String[] |
Aliases: | OrderBy |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Top
Show only the first n items
Type: | Int32 |
Aliases: | Limit |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IApplicationsIdentity
System.Collections.IDictionary
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAppRoleAssignment
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <IApplicationsIdentity>
: Identity Parameter
[AppId <String>]
: Alternate key of application[AppManagementPolicyId <String>]
: The unique identifier of appManagementPolicy[AppRoleAssignmentId <String>]
: The unique identifier of appRoleAssignment[ApplicationId <String>]
: The unique identifier of application[ApplicationTemplateId <String>]
: The unique identifier of applicationTemplate[ClaimsMappingPolicyId <String>]
: The unique identifier of claimsMappingPolicy[DelegatedPermissionClassificationId <String>]
: The unique identifier of delegatedPermissionClassification[DirectoryDefinitionId <String>]
: The unique identifier of directoryDefinition[DirectoryObjectId <String>]
: The unique identifier of directoryObject[EndpointId <String>]
: The unique identifier of endpoint[ExtensionPropertyId <String>]
: The unique identifier of extensionProperty[FederatedIdentityCredentialId <String>]
: The unique identifier of federatedIdentityCredential[GroupId <String>]
: The unique identifier of group[HomeRealmDiscoveryPolicyId <String>]
: The unique identifier of homeRealmDiscoveryPolicy[Name <String>]
: Alternate key of federatedIdentityCredential[OAuth2PermissionGrantId <String>]
: The unique identifier of oAuth2PermissionGrant[ServicePrincipalId <String>]
: The unique identifier of servicePrincipal[SynchronizationJobId <String>]
: The unique identifier of synchronizationJob[SynchronizationTemplateId <String>]
: The unique identifier of synchronizationTemplate[TargetDeviceGroupId <String>]
: The unique identifier of targetDeviceGroup[TokenIssuancePolicyId <String>]
: The unique identifier of tokenIssuancePolicy[TokenLifetimePolicyId <String>]
: The unique identifier of tokenLifetimePolicy[UniqueName <String>]
: Alternate key of application[UserId <String>]
: The unique identifier of user