How to give Azure AD application access to required permissions using powershell Az module
Problem description
I'm trying to rewrite a PowerShell script that creates an Azure AD application and assigns permissions to it. The script is using the AzureAD module; I would like to use the new Az module, so I can run it on Linux/MacOS.
Creating a new application is easy (New-AzADApplication), but I have a problem with permissions.
The old script is using this code to assign permissions:
#=============Graph Permissions========================
$req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "df021288-bdef-4463-88db-98f22de89214","Role"
$req.ResourceAccess = $acc1
$req.ResourceAppId = "00000003-0000-0000-c000-000000000000" #Microsoft Graph
Set-AzureADApplication -ObjectId $AppObjectId -RequiredResourceAccess $req
But this will not work on Linux/MacOS. Is there any way to do this? If not from PowerShell, then maybe using some other method? The main goal is to run it from Linux.
Recommended answer
The Azure CLI is easy to get started with and best used for Microsoft's cross-platform command-line experience for managing Azure resources on macOS, Linux, or Windows and run it from the command line.
Your case
In your case, you could try the following CLI command for application permission:
az ad app permission add --api --api-permissions --id [--subscription]
Example
See the following command, which adds "Sign in and read user profile":
az ad app permission add --id eeba0b46-78e5-4a1a-a1aa-cafe6c123456 --api 00000002-0000-0000-c000-000000000000 --api-permissions 311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope
Required parameters
This permission
--api
The target API to access.
--api-permissions
Space-separated list of =.
--id
Identifier uri, application id, or object id.
For more details on the CLI command, you could also refer here
Note:
To execute the above command, you need to install the CLI locally, run it in the browser with Azure Cloud Shell, or run it in a Docker container. For installation reference you could see here
PowerShell command
You can find the detailed steps here
I hope this is helpful for what you expected to do. Let's try it out. Thank you!
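Added example, not part of the original answer: a POSIX shell wrapper that applies the answer's `az ad app permission add` command to the Microsoft Graph API id and `Role` permission id taken from the question's script. The function names, the `APPLY` and `APP_ID` variables and the input validation are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: builds the `az ad app permission add` call for the
# Microsoft Graph permission used in the question's AzureAD script.

GRAPH_API_ID="00000003-0000-0000-c000-000000000000"        # Microsoft Graph (from the question)
GRAPH_PERMISSION_ID="df021288-bdef-4463-88db-98f22de89214" # permission id (from the question)

# True when $1 is exactly one GUID in 8-4-4-4-12 hex form.
is_guid() {
  [ "${#1}" -eq 36 ] &&
    printf '%s\n' "$1" | grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Emit one "<permission-id>=<type>" token for --api-permissions.
# Role = application permission, Scope = delegated permission.
permission_arg() {
  is_guid "$1" || { echo "permission id is not a GUID: $1" >&2; return 1; }
  case "$2" in
    Role|Scope) printf '%s=%s\n' "$1" "$2" ;;
    *) echo "type must be Role or Scope, got: $2" >&2; return 1 ;;
  esac
}

# add_app_permission <app id|object id|identifier uri> <api id> <permission id> <type>
# Prints the command (dry run) unless APPLY=1, in which case it runs az.
add_app_permission() {
  app="$1"; api="$2"
  [ -n "$app" ] || { echo "missing application identifier" >&2; return 1; }
  is_guid "$api" || { echo "API id is not a GUID: $api" >&2; return 1; }
  perm=$(permission_arg "$3" "$4") || return 1
  # Each value is passed as its own quoted argument, never re-parsed by the shell.
  set -- az ad app permission add --id "$app" --api "$api" --api-permissions "$perm"
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Dry run with a placeholder application id (assumption: set APP_ID to your own).
add_app_permission "${APP_ID:-<application-id>}" "$GRAPH_API_ID" "$GRAPH_PERMISSION_ID" Role
```

Run it with `APPLY=1 APP_ID=<your application id>` after `az login` to make the change; application permissions (`Role`) take effect only once an administrator has granted consent.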