Bug report: 'm365 spo serviceprincipal grant revoke' deletes all the granted permissions for the resource #5055

@Saurabh7019

Priority

(Medium) I'm annoyed but I'll live

Description

I had approximately 20 permissions granted for the Microsoft Graph resource. My intention was to remove a specific permission using the m365 spo serviceprincipal grant revoke --id {ObjectId} command. However, it removed all 20 permissions instead. I believe this could be a misunderstanding, as the command requires the ObjectId as a parameter, and all permissions for the specific resource have the same ObjectId (I noticed it only while reproducing the bug). Therefore, it may not necessarily be a bug, but rather a misunderstanding in how the command is understood and used, particularly when combined with the m365 spo serviceprincipal grant list command. Nevertheless, considering that I have granted a specific permission to a resource, I should be able to delete only that particular permission.

Steps to reproduce

  • Log in to CLI
  • Grant service principal permissions using the below:

m365 spo serviceprincipal grant add --resource 'Microsoft Graph' --scope 'User.Read.All'
m365 spo serviceprincipal grant add --resource 'Microsoft Graph' --scope 'Mail.Read'

  • List permissions and pick up the ObjectId for Mail.Read

m365 spo serviceprincipal grant list

  • Revoke permission

m365 spo serviceprincipal grant revoke --id I6-sC-jI3Uu37C1NtmZqA0SVQmWC1_RCvP7NnEv1Zus

Expected results

It should remove only the Mail.Read permission from the Microsoft Graph resource

Actual results

It removes both the scopes User.Read.All and Mail.Read from the Microsoft Graph resource.

Diagnostics

debug.txt

CLI for Microsoft 365 version

v6.9.0

nodejs version

v18.16.0

Operating system (environment)

Windows

Shell

PowerShell

cli doctor

clidoctor.txt

Additional Info

No response
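
Added example, not part of the original report or of the CLI's own code: a pre-revoke check that groups the rows from `m365 spo serviceprincipal grant list --output json` by ObjectId, reports which other scopes would be removed along with the intended one, and builds the `grant add` commands needed to restore them. The field names `ObjectId`, `Resource` and `Scope`, the function name `planRevoke`, and the sample rows (including the ObjectId values and the "Contoso API" resource) are assumptions constructed for illustration.

```javascript
// Constructed sample of the JSON rows returned by the grant list command.
// One row per scope; rows for the same resource share one ObjectId (assumed shape).
const sampleGrants = [
  { ObjectId: "CONSTRUCTED-GRAPH-OBJECT-ID", Resource: "Microsoft Graph", Scope: "User.Read.All" },
  { ObjectId: "CONSTRUCTED-GRAPH-OBJECT-ID", Resource: "Microsoft Graph", Scope: "Mail.Read" },
  { ObjectId: "CONSTRUCTED-OTHER-OBJECT-ID", Resource: "Contoso API", Scope: "user_impersonation" }
];

// Work out what revoking `objectId` really removes when only `scopeToRemove` is intended.
function planRevoke(grants, objectId, scopeToRemove) {
  const affected = grants.filter((g) => g.ObjectId === objectId);
  if (affected.length === 0) {
    throw new Error(`No grant rows with ObjectId ${objectId}`);
  }

  // A Scope value may hold several space-separated scopes; flatten and de-duplicate.
  const scopes = [...new Set(
    affected.flatMap((g) => String(g.Scope).split(/\s+/).filter(Boolean))
  )];
  if (!scopes.includes(scopeToRemove)) {
    throw new Error(`Scope ${scopeToRemove} is not part of grant ${objectId}`);
  }

  const resource = affected[0].Resource;
  const collateral = scopes.filter((s) => s !== scopeToRemove);
  return {
    resource,
    removed: scopes,   // everything the revoke deletes
    collateral,        // scopes lost unintentionally
    // Commands that restore the scopes that were meant to stay granted.
    regrant: collateral.map(
      (s) => `m365 spo serviceprincipal grant add --resource '${resource}' --scope '${s}'`
    )
  };
}

const demoPlan = planRevoke(sampleGrants, "CONSTRUCTED-GRAPH-OBJECT-ID", "Mail.Read");
console.log(`Revoking this ObjectId removes: ${demoPlan.removed.join(", ")}`);
console.log(`Re-grant afterwards:\n${demoPlan.regrant.join("\n")}`);
```
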
