entra approleassignment list

Lists app role assignments for the specified application registration

Usage

m365 entra approleassignment list [options]

Alias

m365 aad approleassignment list [options]

Options

-i, --appId [appId]

Application (client) Id of the App Registration for which the configured app roles should be retrieved

-n, --appDisplayName [appDisplayName]

Display name of the application for which the configured app roles should be retrieved

--appObjectId [appObjectId]

ObjectId of the application for which the configured app roles should be retrieved

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

Specify either the appId, appObjectId or appDisplayName. If you specify more than one option value, the command will fail with an error.

Examples

List app roles assigned to service principal with Application (client) ID b2307a39-e878-458b-bc90-03bc578531d6.

m365 entra approleassignment list --appId b2307a39-e878-458b-bc90-03bc578531d6

List app roles assigned to service principal with Application display name MyAppName.

m365 entra approleassignment list --appDisplayName 'MyAppName'

List app roles assigned to service principal with ObjectId b2307a39-e878-458b-bc90-03bc578531dd.

m365 entra approleassignment list --appObjectId b2307a39-e878-458b-bc90-03bc578531dd

Response

JSON

[
  {
    "appRoleId": "810c84a8-4a9e-49e6-bf7d-12d183f40d01",
    "resourceDisplayName": "Microsoft Graph",
    "resourceId": "cd143b5c-7693-42ec-89fb-377e8e97a8ff",
    "roleId": "810c84a8-4a9e-49e6-bf7d-12d183f40d01",
    "roleName": "Mail.Read",
    "created": "2023-06-01T19:10:29.7299757Z",
    "deleted": null
  }
]

Text

resourceDisplayName           roleName
----------------------------  --------------
Microsoft Graph               Mail.Read

CSV

appRoleId,resourceDisplayName,resourceId,roleId,roleName,created
810c84a8-4a9e-49e6-bf7d-12d183f40d01,Microsoft Graph,cd143b5c-7693-42ec-89fb-377e8e97a8ff,810c84a8-4a9e-49e6-bf7d-12d183f40d01,Mail.Read,2023-06-01T19:10:29.7299757Z

Markdown

# entra approleassignment list --appId "e89804ac-a571-48cf-b2ba-fd57b5d49993"

Date: 2023-06-01

Property | Value
---------|-------
appRoleId | 810c84a8-4a9e-49e6-bf7d-12d183f40d01
resourceDisplayName | Microsoft Graph
resourceId | cd143b5c-7693-42ec-89fb-377e8e97a8ff
roleId | 810c84a8-4a9e-49e6-bf7d-12d183f40d01
roleName | Mail.Read
created | 2023-06-01T19:10:29.7299757Z

More information

• Application and service principal objects in Microsoft Entra ID: https://learn.microsoft.com/azure/active-directory/develop/active-directory-application-objects