Azure PIM API Seems to require R/W permissions even for GET/Read Operations #55911

Open
pratima-cloudknox opened this issue May 28, 2020 · 2 comments

Comments

@pratima-cloudknox
Contributor

pratima-cloudknox commented May 28, 2020

The Azure List governance Role API documentation indicates that we only need
Application | PrivilegedAccess.Read.AzureResources permission.

https://docs.microsoft.com/en-us/graph/api/governanceroleassignment-list?view=graph-rest-beta

However, when actually invoking that API with just the PrivilegedAccess.Read.AzureResources permission, we see an error as below. Is this an issue with the documentation or a product bug?

```
{ "error": { "code": "UnknownError", "message": "{"errorCode":"PermissionScopeNotGranted","message":"Authorization failed due to missing permission scope PrivilegedAccess.ReadWrite.AzureResources.","target":null,"details":null,"innerError":null,"instanceAnnotations":[],"typeAnnotation":null}", "innerError": { "request-id": "44bfc8bb-d502-4fb4-bd46-2855b53adf99", "date": "2020-05-11T15:51:22" } }}
io.cloudknox.plugins.azure.AzureRuntimeException: { "error": { "code": "UnknownError", "message": "{"errorCode":"PermissionScopeNotGranted","message":"Authorization failed due to missing permission scope PrivilegedAccess.ReadWrite.AzureResources.","target":null,"details":null,"innerError":null,"instanceAnnotations":[],"typeAnnotation":null}", "innerError": { "request-id": "44bfc8bb-d502-4fb4-bd46-2855b53adf99", "date": "2020-05-11T15:51:22" } }}
```


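A diagnostic sketch for the mismatch reported above, added here as an example and not code from the issue or from Microsoft: it unwraps the JSON nested inside the Graph error's `message` field to find the scope the service demanded, then compares it with the `roles` claim of the app-only token. The helper names and the sample token are constructed for illustration; the error text is taken from the report.

```python
import base64
import json

MARKER = "missing permission scope "

def required_scope(graph_error_body: str):
    """Return (errorCode, scope) from a Graph error whose message is itself JSON."""
    outer = json.loads(graph_error_body)["error"]
    try:
        inner = json.loads(outer["message"])
    except (TypeError, ValueError):
        inner = None                      # plain-text message, nothing nested
    if not isinstance(inner, dict):
        return outer.get("code"), None
    text = inner.get("message") or ""
    scope = text.split(MARKER, 1)[1].rstrip(". ") if MARKER in text else None
    return inner.get("errorCode"), scope

def granted_app_roles(access_token: str):
    """Read the 'roles' claim of an app-only token (no signature check: diagnosis only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))

def diagnose(graph_error_body: str, access_token: str):
    """Compare what the service demanded with what the token actually carries."""
    code, scope = required_scope(graph_error_body)
    roles = granted_app_roles(access_token)
    return {"errorCode": code, "demanded": scope,
            "granted": sorted(roles), "token_has_demanded": scope in roles}

def make_sample_token(roles):
    """Constructed, unsigned JWT-shaped string for the offline demo below."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg({"roles": roles}), "sig"])

# Constructed sample: the error text from the report, with the inner JSON escaped
# as it would be in a well-formed response body.
SAMPLE_ERROR = json.dumps({"error": {"code": "UnknownError", "message": json.dumps({
    "errorCode": "PermissionScopeNotGranted",
    "message": "Authorization failed due to missing permission scope "
               "PrivilegedAccess.ReadWrite.AzureResources.",
    "target": None}), "innerError": {"date": "2020-05-11T15:51:22"}}})
SAMPLE_TOKEN = make_sample_token(["PrivilegedAccess.Read.AzureResources"])

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, SAMPLE_TOKEN))
```

Logging the `demanded` and `granted` values side by side makes it visible when a read-only call is rejected for lack of a read/write scope, so the broader permission is a recorded decision rather than a silent workaround.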

@Mike-Ubezzi-MSFT
Contributor

@pratima-cloudknox Thank you for bringing this to our attention. I will have the content team review the documentation and if the documentation requires an update, have a PR submitted to correctly reflect the necessary permissions.

@Fodsuk

Fodsuk commented May 19, 2023

any news on this?
