Skip to main content

spo serviceprincipal grant add

Grants the service principal permission to the specified API

Usage

m365 spo serviceprincipal grant add [options]

Alias

m365 spo sp grant add

Options

-r, --resource <resource>

The name of the resource for which permissions should be granted.

-s, --scope <scope>

The name of the permission that should be granted.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, permissions, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

info

To use this command you must be a Global administrator.

Examples

Grant the service principal permission to read email using the Microsoft Graph

m365 spo serviceprincipal grant add --resource 'Microsoft Graph' --scope 'Mail.Read'

Grant the service principal permission to a custom API

m365 spo serviceprincipal grant add --resource 'contoso-api' --scope 'user_impersonation'

Response

{
  "ClientId": "6004a642-185c-479a-992a-15d1c23e2229",
  "ConsentType": "AllPrincipals",
  "IsDomainIsolated": false,
  "ObjectId": "QqYEYFwYmkeZKhXRwj4iKRcAa6TiIbFNvGnKY1dqONY",
  "PackageName": null,
  "Resource": "Microsoft Graph",
  "ResourceId": "a46b0017-21e2-4db1-bc69-ca63576a38d6",
  "Scope": "Mail.Read"
}