For all spo serviceprincipal permissionrequest we have an important box saying: To use this command you have to have permissions to access the tenant admin site..
This description is quite vague in my opinion. We could make it a bit clearer, something like:
For commands:
- spo serviceprincipal permissionrequest approve
- spo serviceprincipal permissionrequest deny
- spo serviceprincipal permissionrequest list
The admin role that's required to approve/deny permissions depends on the API. To approve permissions to any of the third-party APIs registered in the tenant, the application administrator role is sufficient. To approve permissions for Microsoft Graph or any other Microsoft API, the Global Administrator role is required.
For commands:
- spo serviceprincipal grant add
- spo serviceprincipal grant list
- spo serviceprincipal grant revoke
- spo serviceprincipal set
To use this command you must be a Global administrator.
!!! Let's also ensure that the important box is inside the Remarks section and not the Options section.
For all
spo serviceprincipal permissionrequestwe have an important box saying:To use this command you have to have permissions to access the tenant admin site..This description is quite vague in my opinion. We could make it a bit clearer, something like:
For commands:
The admin role that's required to approve/deny permissions depends on the API. To approve permissions to any of the third-party APIs registered in the tenant, the application administrator role is sufficient. To approve permissions for Microsoft Graph or any other Microsoft API, the Global Administrator role is required.For commands:
To use this command you must be a Global administrator.!!! Let's also ensure that the important box is inside the
Remarkssection and not theOptionssection.