用于创建应用程序注册的服务主体特权 [英] Service principal privileges for app registration creation

问题描述

我正在使用服务主体作为azure cli的登录项.该服务主体的角色是所有者".

I'm using service principal as login item for azure cli. The role of this service principal is "owner".

我正在尝试运行:

az ad app list

和

 az ad app create --display-name "Test application 2" 

并出现错误:

当前用户需要目录权限才能注册 应用.有关配置方法，请参阅 ' https://docs.microsoft.com/zh-CN/azure/azure-resource-manager/resource-group-create-service-principal-portal ". 原始错误:权限不足，无法完成操作.

Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.

我应该为此服务负责人分配什么角色?

What role should I assign to this service principal?

推荐答案

您的服务主体缺少与在Azure AD中读写应用程序相关的权限.

Your service principal is missing permissions related to reading and writing applications in Azure AD.

1. 转到您的Azure AD已注册的应用程序"
2. 找到您的服务主体(可能需要查看所有应用程序而不仅仅是我的应用程序)
3. 添加所需的权限，如下所示:

选择正确的权限并完成操作.请点击授予权限"，因为这些权限需要管理员的同意.

Once you've selected the right permissions and done. Please click on "Grant Permissions" because these permissions need Admin consent.

这篇关于用于创建应用程序注册的服务主体特权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！