Skip to content

spo serviceprincipal grant add

Grants the service principal permission to the specified API


spo serviceprincipal grant add [options]


spo sp grant add


Option Description
--help output usage information
-r, --resource <resource> The name of the resource for which permissions should be granted
-s, --scope <scope> The name of the permission that should be granted
-o, --output [output] Output type. json|text. Default text
--verbose Runs command with verbose logging
--debug Runs command with debug logging


Before using this command, log in to a SharePoint Online tenant admin site, using the spo login command.


To grant the service principal API permission, you have to first log in to a tenant admin site using the spo login command, eg. spo login


Grant the service principal permission to read email using the Microsoft Graph

spo serviceprincipal grant add --resource 'Microsoft Graph' --scope 'Mail.Read'

Grant the service principal permission to a custom API

spo serviceprincipal grant add --resource 'contoso-api' --scope 'user_impersonation'