Skip to content

spo serviceprincipal grant add

Grants the service principal permission to the specified API


spo serviceprincipal grant add [options]


spo sp grant add


Option Description
--help output usage information
-r, --resource <resource> The name of the resource for which permissions should be granted
-s, --scope <scope> The name of the permission that should be granted
--query [query] JMESPath query string. See for more information and examples
-o, --output [output] Output type. json,text. Default text
--pretty Prettifies json output
--verbose Runs command with verbose logging
--debug Runs command with debug logging


To use this command you have to have permissions to access the tenant admin site.


Grant the service principal permission to read email using the Microsoft Graph

spo serviceprincipal grant add --resource 'Microsoft Graph' --scope 'Mail.Read'

Grant the service principal permission to a custom API

spo serviceprincipal grant add --resource 'contoso-api' --scope 'user_impersonation'