How to give Azure AD application access to required permissions using powershell Az module


Problem description

I'm trying to rewrite a PowerShell script that creates an Azure AD application and assigns permissions to it. The script is using the AzureAD module; I would like to use the new Az module, so I can run it on Linux/macOS.

Creating a new application is easy (New-AzADApplication), but I have a problem with permissions.

The old script is using this code to assign permissions:

#=============Graph Permissions========================
$req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "df021288-bdef-4463-88db-98f22de89214","Role"

$req.ResourceAccess = $acc1
$req.ResourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph

Set-AzureADApplication -ObjectId $AppObjectId -RequiredResourceAccess $req

But this will not work on Linux/macOS. Is there any way to do this? If not from PowerShell, then maybe using some other method? The main goal is to run it from Linux.

Recommended answer

The Azure CLI is easy to get started with and is best used for Microsoft's cross-platform command-line experience for managing Azure resources on macOS, Linux, or Windows, run from the command line.

Your case

In your case you could try the following CLI command for application permissions:

az ad app permission add --api --api-permissions --id [--subscription]

Example

See the following command, which adds "Sign in and read user profile":

az ad app permission add --id eeba0b46-78e5-4a1a-a1aa-cafe6c123456 --api 00000002-0000-0000-c000-000000000000 --api-permissions 311a71cc-e848-46a1-bdf8-97ff7156d8e6=Scope

Required parameters

--api

The target API to access.

--api-permissions

Space-separated list of <resource-access-id>=<type>.

--id

Identifier uri, application id, or object id.

For more details on the CLI command you could also refer here

Note:

To execute the above command you must install the CLI locally, run it in the browser with Azure Cloud Shell, or run it in a Docker container. For installation reference you could see here

PowerShell command

You can find the detailed steps here

I hope this is helpful for what you expected to do. Let's try it out. Thank you!
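
The answer's `az ad app permission add` call, applied to the Graph permission from the question and wrapped so that malformed IDs or types are rejected before anything reaches Azure AD. This is an added example, not code from the original question or answer: the function names and the `APPLY` variable are hypothetical, the app ID in the dry run is a constructed placeholder, and `--id` is assumed to be a GUID (application or object ID) rather than an identifier URI.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of the Azure CLI.
GUID_RE='[0-9a-fA-F]\{8\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{4\}-[0-9a-fA-F]\{12\}$'

# is_guid VALUE: succeeds only for a well-formed GUID
# (the X prefix keeps expr from reading VALUE as an operator).
is_guid() { expr "X$1" : "X$GUID_RE" >/dev/null; }

# check_permission ID=TYPE: ID must be a GUID, TYPE must be Scope or Role.
check_permission() {
  case $1 in
    *=Scope|*=Role) is_guid "${1%=*}" ;;
    *) return 1 ;;
  esac
}

# has_app_permission ID=TYPE...: succeeds if any entry is an application
# permission (Role) rather than a delegated one (Scope).
has_app_permission() {
  local p
  for p in "$@"; do
    case $p in *=Role) return 0 ;; esac
  done
  return 1
}

# build_permission_cmd APP_ID API_ID ID=TYPE...
# Prints the az command line; returns 1 and prints nothing on malformed input.
build_permission_cmd() {
  [ "$#" -ge 3 ] && is_guid "$1" && is_guid "$2" || return 1
  local app="$1" api="$2" p
  shift 2
  for p in "$@"; do check_permission "$p" || return 1; done
  printf 'az ad app permission add --id %s --api %s --api-permissions %s\n' \
    "$app" "$api" "$*"
}

# add_permissions APP_ID API_ID ID=TYPE...: dry run unless APPLY=1.
add_permissions() {
  local cmd app="$1" api="$2"
  cmd=$(build_permission_cmd "$@") || { echo "rejected: malformed input" >&2; return 1; }
  shift 2
  if has_app_permission "$@"; then
    echo "review: Role entries are application permissions" >&2
  fi
  if [ "${APPLY:-0}" = 1 ]; then
    az ad app permission add --id "$app" --api "$api" --api-permissions "$@"
  else
    printf '%s\n' "$cmd"
  fi
}

# Dry run with the question's Graph values; the app ID is a constructed placeholder.
add_permissions 11111111-2222-3333-4444-555555555555 \
  00000003-0000-0000-c000-000000000000 df021288-bdef-4463-88db-98f22de89214=Role
```

Run with `APPLY=1` only after `az login`; without it the script prints the command it would execute.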
