Commit ba6b94a

Minor edits
1 parent 974fee6 commit ba6b94a

1 file changed

+12
-7
lines changed

microsoftgraph/docs-conceptual/how-to-grant-revoke-api-permissions.md

Lines changed: 12 additions & 7 deletions
@@ -123,13 +123,14 @@ To create a delegated permission grant, you need the following information:
123123
1. **ResourceId** - object ID of the service principal representing the resource app in the tenant.
124124
1. **Scope** - space-delimited list of permission claim values, for example `User.Read.All`.
125125

126-
In this example, the object ID of the resource service principal is `2cab1707-656d-40cc-8522-3178a184e03d`. You grant the `Group.Read.All` scope to the service principal and grant consent on behalf of all users in the tenant.
126+
In this example, you grant the `Group.Read.All` scope to the service principal and grant consent on behalf of all users in the tenant.
127127

128128
```powershell
129+
$resource = Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Graph'"
129130
$params = @{
130131
"ClientId" = "11112222-bbbb-3333-cccc-4444dddd5555"
131132
"ConsentType" = "AllPrincipals"
132-
"ResourceId" = "2cab1707-656d-40cc-8522-3178a184e03d"
133+
"ResourceId" = $resource.Id
133134
"Scope" = "Group.Read.All"
134135
}
135136
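Review bot: The lookup added at new line 129, `Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Graph'"`, selects by display name, which is not guaranteed to match exactly one service principal, so `$resource.Id` can be empty or an array by the time it reaches `"ResourceId"`. Filter on the resource's `appId` instead, or check that exactly one object came back before building `$params`. The rewritten sentence at line 126 also no longer says where the ResourceId comes from; a short clause noting that the script looks up the resource service principal would tie it back to the **ResourceId** bullet above.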
@@ -142,7 +143,7 @@ Id : DXfBIt8w50mnY_OdLvmzadDQeqbRp9tKjNm83QyGbTw
142143
ClientId : 11112222-bbbb-3333-cccc-4444dddd5555
143144
ConsentType : AllPrincipals
144145
PrincipalId :
145-
ResourceId : a67ad0d0-a7d1-4adb-8cd9-bcdd0c866d3c
146+
ResourceId : 11112222-bbbb-3333-cccc-4444dddd5555
146147
Scope : Group.Read.All
147148
```
148149
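Review bot: The new sample `ResourceId` at line 146 is `11112222-bbbb-3333-cccc-4444dddd5555`, the same value shown for `ClientId` three lines above it, so the output reads as if the client and the resource were the same service principal. Use a distinct placeholder GUID for the resource so readers can tell the two fields apart when they review a grant.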

@@ -157,7 +158,7 @@ ClientId : 11112222-bbbb-3333-cccc-4444dddd5555
157158
ConsentType : AllPrincipals
158159
Id : DXfBIt8w50mnY_OdLvmzadDQeqbRp9tKjNm83QyGbTw
159160
PrincipalId :
160-
ResourceId : 2cab1707-656d-40cc-8522-3178a184e03d
161+
ResourceId : 11112222-bbbb-3333-cccc-4444dddd5555
161162
Scope : Group.Read.All User.Read.All
162163
AdditionalProperties : {}
163164
```
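Review bot: Line 161 repeats the placeholder collision, with `ResourceId` now equal to the `ClientId` shown in this block. Pick one distinct resource placeholder and use it in both output samples; the values being replaced (`a67ad0d0-a7d1-4adb-8cd9-bcdd0c866d3c` earlier and `2cab1707-656d-40cc-8522-3178a184e03d` here) did not agree with each other, so consistency is the right goal, just not by reusing the client's ID.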
@@ -299,14 +300,18 @@ In this step, you assign an app role exposed by your resource app to the service
299300
1. **ResourceId** - object Id of the service principal representing the resource app in your tenant.
300301
1. **AppRoleId** - Id of the app role to be assigned, defined on the service principal representing the resource.
301302

303+
304+
302305
```powershell
306+
$resource = Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Graph'"
307+
$roleId = $resource.AppRoles | Where-Object { $_.Value -eq 'User.Read.All' } | Select-Object -ExpandProperty Id
303308
$params = @{
304309
"PrincipalId" ="11112222-bbbb-3333-cccc-4444dddd5555"
305-
"ResourceId" = "2cab1707-656d-40cc-8522-3178a184e03d"
306-
"AppRoleId" = "df021288-bdef-4463-88db-98f22de89214"
310+
"ResourceId" = $resource.Id
311+
"AppRoleId" = $roleId
307312
}
308313
309-
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId '2cab1707-656d-40cc-8522-3178a184e03d' -BodyParameter $params |
314+
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $resource.Id -BodyParameter $params |
310315
Format-List Id, AppRoleId, CreatedDateTime, PrincipalDisplayName, PrincipalId, PrincipalType, ResourceDisplayName
311316
```
312317
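Review bot: `$roleId` from line 307 is passed to `"AppRoleId"` without a check; if no entry in `$resource.AppRoles` has the value `User.Read.All`, or the `displayName` filter on line 306 returns no or several service principals, the assignment call is made with an empty or ambiguous ID. Add a guard that stops when `$resource` is not a single object or `$roleId` is empty. The added lines 303 and 304 are blank and look like a dropped sentence; remove them, or add the intro text saying the example now targets Microsoft Graph, since the step text refers to "your resource app".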
