entra approleassignment list
Lists app role assignments for the specified application registration
Usage
m365 entra approleassignment list [options]
Options
-i, --appId [appId]Application (client) Id of the App Registration for which the configured app roles should be retrieved
-n, --appDisplayName [appDisplayName]Display name of the application for which the configured app roles should be retrieved
--appObjectId [appObjectId]ObjectId of the application for which the configured app roles should be retrieved
-h, --help [help]Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are
options,examples,remarks,permissions,response,full. Default isoptions.--query [query]JMESPath query string. See http://jmespath.org/ for more information and examples.
-o, --output [output]Output type.
json,text,csv,md,none. Defaultjson.--verboseRuns command with verbose logging.
--debugRuns command with debug logging.
Remarks
Specify either the appId, appObjectId or appDisplayName. If you specify more than one option value, the command will fail with an error.
Permissions
- Delegated
- Application
| Resource | Permissions |
|---|---|
| Microsoft Graph | Application.Read.All |
| Resource | Permissions |
|---|---|
| Microsoft Graph | Application.Read.All |
Examples
List app roles assigned to service principal with Application (client) ID b2307a39-e878-458b-bc90-03bc578531d6.
m365 entra approleassignment list --appId b2307a39-e878-458b-bc90-03bc578531d6
List app roles assigned to service principal with Application display name MyAppName.
m365 entra approleassignment list --appDisplayName 'MyAppName'
List app roles assigned to service principal with ObjectId b2307a39-e878-458b-bc90-03bc578531dd.
m365 entra approleassignment list --appObjectId b2307a39-e878-458b-bc90-03bc578531dd
Response
- JSON
- Text
- CSV
- Markdown
[
{
"appRoleId": "810c84a8-4a9e-49e6-bf7d-12d183f40d01",
"resourceDisplayName": "Microsoft Graph",
"resourceId": "cd143b5c-7693-42ec-89fb-377e8e97a8ff",
"roleId": "810c84a8-4a9e-49e6-bf7d-12d183f40d01",
"roleName": "Mail.Read",
"created": "2023-06-01T19:10:29.7299757Z",
"deleted": null
}
]
resourceDisplayName roleName
---------------------------- --------------
Microsoft Graph Mail.Read
appRoleId,resourceDisplayName,resourceId,roleId,roleName,created
810c84a8-4a9e-49e6-bf7d-12d183f40d01,Microsoft Graph,cd143b5c-7693-42ec-89fb-377e8e97a8ff,810c84a8-4a9e-49e6-bf7d-12d183f40d01,Mail.Read,2023-06-01T19:10:29.7299757Z
# entra approleassignment list --appId "e89804ac-a571-48cf-b2ba-fd57b5d49993"
Date: 2023-06-01
Property | Value
---------|-------
appRoleId | 810c84a8-4a9e-49e6-bf7d-12d183f40d01
resourceDisplayName | Microsoft Graph
resourceId | cd143b5c-7693-42ec-89fb-377e8e97a8ff
roleId | 810c84a8-4a9e-49e6-bf7d-12d183f40d01
roleName | Mail.Read
created | 2023-06-01T19:10:29.7299757Z
More information
- Application and service principal objects in Microsoft Entra ID: https://learn.microsoft.com/azure/active-directory/develop/active-directory-application-objects