
New command 'entra enterpriseapp permission list' - Get a list of app-only and delegated permissions for an enterprise application #5778

@martinlingstuyl

Description

Related to entra app permission list, but for enterprise applications / service principals

We currently have the following commands that cover listing permissions from an enterprise application / service principal:

This issue is for adding the same functionality in a more consistent way, so that it can in time replace the oauthgrant and approleassignment commands.

We're also implementing a rename of entra serviceprincipal verb, which is why we're adding this in the correct command group right from the start.

Usage

m365 entra enterpriseapp permission list [options]

Description

Lists the application and delegated permissions for a specified Entra enterprise application

Options

| Option | Description |
| --- | --- |
| -i, --appId [appId] | Client ID of the Entra enterprise app to retrieve the permissions for. Specify either appId, appName or appObjectId. |
| --appObjectId [appObjectId] | Object ID of the Entra enterprise app to retrieve the permissions for. Specify either appId, appName or appObjectId. |
| -n, --appName [appName] | Display name of the Entra enterprise app to retrieve the API permissions for. Specify either appId, appName or appObjectId. |
| --type [type] | The type of permissions to retrieve. Allowed values: delegated, application, all. Defaults to all. |

Examples

Retrieves all permissions for an Entra enterprise application

m365 entra enterpriseapp permission list --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690'

Retrieves all delegated permissions for an Entra enterprise application

m365 entra enterpriseapp permission list --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --type delegated

Response

[
  {
    "resource": "Microsoft Graph",
    "resourceId": "00000003-0000-0000-c000-000000000000",
    "permission": "RecordsManagement.ReadWrite.All",
    "type": "Application"
  },
  {
    "resource": "Microsoft Graph",
    "resourceId": "00000003-0000-0000-c000-000000000000",
    "permission": "Sites.Read.All",
    "type": "Application"
  },
  {
    "resource": "Office 365 SharePoint Online",
    "resourceId": "00000003-0000-0ff1-ce00-000000000000",
    "permission": "AllSites.Read",
    "type": "Delegated"
  }
]

Additional information

If multiple apps with the same name exist, the CLI should show a disambiguation prompt to let the user choose.
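
How a reviewer might consume the response shape proposed above for a least-privilege review, as an added example (not part of the issue and not CLI for Microsoft 365 code). The names `classify` and `triage` and the severity rule are assumptions of this example; the sample data is the response from the issue.

```javascript
// Constructed sample: the response shown in the issue, as valid JSON data.
const sampleResponse = [
  { resource: 'Microsoft Graph', resourceId: '00000003-0000-0000-c000-000000000000',
    permission: 'RecordsManagement.ReadWrite.All', type: 'Application' },
  { resource: 'Microsoft Graph', resourceId: '00000003-0000-0000-c000-000000000000',
    permission: 'Sites.Read.All', type: 'Application' },
  { resource: 'Office 365 SharePoint Online', resourceId: '00000003-0000-0ff1-ce00-000000000000',
    permission: 'AllSites.Read', type: 'Delegated' }
];

const RANK = { high: 0, medium: 1, low: 2, unknown: 3 };

// Hypothetical triage rule (an assumption of this example, not CLI behaviour):
// app-only permissions act without a signed-in user, so write-capable ones are
// reviewed first, then anything scoped to all resources of a type.
function classify(entry) {
  if (!entry || typeof entry.permission !== 'string' || typeof entry.type !== 'string') {
    return { ...entry, severity: 'unknown', reason: 'malformed entry' };
  }
  const parts = entry.permission.split('.');
  // Skip the resource segment so "RecordsManagement" is not mistaken for "Manage".
  const operation = parts.length > 1 ? parts.slice(1).join('.') : parts[0];
  const appOnly = entry.type.toLowerCase() === 'application';
  const canWrite = /write|manage|fullcontrol/i.test(operation);
  // Graph style suffix ".All" or SharePoint style prefix "AllSites".
  const tenantWide = parts.some(p => /^all(sites)?$/i.test(p));

  let severity = 'low';
  if (appOnly && canWrite) severity = 'high';
  else if (tenantWide && (appOnly || canWrite)) severity = 'medium';

  const reason = [appOnly ? 'app-only' : 'delegated',
    canWrite ? 'write-capable' : 'read-only',
    tenantWide ? 'all resources' : 'scoped'].join(', ');
  return { ...entry, severity, reason };
}

// Classify every entry and list the ones needing review first (stable sort).
function triage(entries) {
  if (!Array.isArray(entries)) {
    throw new TypeError('expected the JSON array printed by the command');
  }
  return entries.map(classify).sort((a, b) => RANK[a.severity] - RANK[b.severity]);
}

for (const e of triage(sampleResponse)) {
  console.log(`${e.severity.padEnd(7)} ${e.resource}: ${e.permission} (${e.reason})`);
}
```

The same functions apply to the parsed JSON output of the command once it exists.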
