Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Service principal privileges for app registration creation

Tags:

azure

azure-active-directory

azure-cli

service-principal

I'm using service principal as login item for azure cli. The role of this service principal is "owner".

I'm trying to run:

az ad app list

and

 az ad app create --display-name "Test application 2"

and getting error:

Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.

What role should I assign to this service principal?

like image 705
Dzior Avatar asked Oct 26 '18 13:10

Dzior

People also ask

Who can create app registration in Azure?

By default in Azure AD, all users can register applications and manage all aspects of applications they create. Everyone also has the ability to consent to apps accessing company data on their behalf.

Is a service principal the same as an app registration?

Relationship between application objects and service principals. The application object is the global representation of your application for use across all tenants, and the service principal is the local representation for use in a specific tenant.

1 Answers

Your service principal is missing permissions related to reading and writing applications in Azure AD.

  1. Go to your Azure AD, "Registered applications"
  2. Find your service principal (may need to look at all applications instead of just my)
  3. Add required permissions as shown below:

enter image description here

enter image description here

Once you've selected the right permissions and done. Please click on "Grant Permissions" because these permissions need Admin consent.

enter image description here

like image 111
Rohit Saigal Avatar answered Oct 21 '22 10:10

Rohit Saigal
Sign in to Comment

Related questions

Python script to use data from Azure Storage Blob by stream, and update blob by stream without local file reading and uploading
Azure AD B2C - MSAL JS - Refreshing token yields AADB2C90055
How can I avoid a SqlClient timeout error during execution of a C# Azure Function?
Deploy Angular 5 build:ssr on Azure
Create Key Vault certificate using ARM template
Log stream does not pick up messages
Is there a azure python sdk to retrieve application insights data?
Web App is not loading after deploying
AADSTS70007: 'query' is not a supported value of 'response_mode' when requesting a token
AAD-Authentication not working since Visual Studio 2017 update to version 15.7.4
Azure Functions Newtonsoft.Json load error
Splitting a comma separated string
Azure blob storage and container permissions
How to get an error log in Azure AD B2C tenant with correlation ID?
About checkpoint strategy in event hub processor
UserSecretsId prevents any deployment of F# ASP.NET Core app to Azure App Service
Enable/Disable AppInsights Availability Tests with Powershell Azure ARM
Azure Devops: Cannot Build an Image using NPM private registry even after setting NPM Authenticate
All Function Apps turn to Read only mode after publishing Azure function project via Visual Studio 2017
Azure Table Storage - Generic download for any type extending ITableEntity

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!