I try assign a contributor role of subcription to a serviceprincipal using api.
Here is the information:
subcription ID:b59c6b1b-xxxxxxxxxx
serviceprincipal ID:73eb9e1e-xxxxxxxx
contributor ID: b24988ac-6180-42a0-ab88-20f7382dd24c(Azure built-in contributor role ID,I get it use 'az role definition list --query "[].{name:name, roleType:roleType, roleName:roleName}" --output tsv' by az cli.Is it right?)
I use the api like this
POST https://graph.microsoft.com/v1.0/servicePrincipals/b59c6b1b-xxxxxxxxxx/appRoleAssignedTo
Content-Type: application/json
Content-Length: 110
{
"principalId": "73eb9e1e-xxxxxxxx",
"resourceId": "b59c6b1b-xxxxxxxxxx",
"appRoleId": "b24988ac-6180-42a0-ab88-20f7382dd24c"
}
But I got the error respone like this
{
"error": {
"code": "Request_ResourceNotFound",
"innerError": {
"client-request-id": "4fed54c4-xxxxxxxxx",
"date": "2021-01-11T12:00:08",
"request-id": "4fed54c4-xxxxxxxxx"
},
"message": "Resource u0027b59c6b1b-xxxxxxxxxxxu0027 does not exist or one of its queried reference-property objects are not present."
}
}
It means that subcription didn't find by ID, in this example, I use subcription ID, I think may be I should use subcription ObjectID like other example resouce .But I don't find the method to get subcription ObjectID by using portal or api. Or maybe I fix error info into resourceID.So I want to know what infomation is I need to know to assign a contributor role of subcription to a serviceprincipal
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…