Open pratima-cloudknox opened 4 years ago
@pratima-cloudknox Thank you for bringing this to our attention. This issue along with the other issue (https://github.com/MicrosoftDocs/azure-docs/issues/55911) are being investigated.
Checking in to see if there is an update - Can I provide any further debug information?
@Mike-Ubezzi-MSFT Any update on this ticket? Could this graph API be invoked by application without needing a delegated user permission?
Any update on this ticket? Could this graph API for PIM data read permissions be invoked by application without needing a delegated user permission?
PIM API should work with app-only permission for read only. To perform write operation / post operation, you must have delegated permission.
Currently even for Read access it needs a delegated user, not just for write. https://github.com/microsoftgraph/microsoft-graph-docs-contrib/issues/5448 mentions "No @maya-cnx , as the Engineer clarified and as per the docs, you do require delegated user permissions."
We are trying to use the Azure PIM API with Azure Resources (NOT Azure AD). The documentation seemed to indicate we only need Application permission and it doesn't have to be delegated. https://docs.microsoft.com/en-us/graph/api/governanceroleassignment-list?view=graph-rest-beta
However we are unable to get access without using a delegated user. Also we are being forced to give PrivilegedAccess.ReadWrite.AzureResources rather than just PrivilegedAccess.Read.AzureResources --> the list API call throws an error saying it needs R/W.
@amanmcse I see that you had replied to this earlier question specifically pointing to the PIM for Azure AD roles. We are specifically trying to use PIM for Azure Resources so this should in theory not require delegated permissions?
Thank you in advance!
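A first check when a Graph call is rejected as "needs a delegated user" or "needs ReadWrite" is to look at what the presented access token actually carries: an app-only (client credentials) token lists its application permissions in the `roles` claim and has no `scp` claim, while a delegated token lists its scopes in `scp`. The helper below is an added example written for this thread, not code from the issue or from Microsoft; it decodes the payload of a compact JWT without verifying the signature (inspection only), classifies it as app-only or delegated, and reports whether the PIM permissions named above are present. The sample tokens are constructed locally with `alg: none` so the example runs offline; real tokens are signed and must never be accepted on the `alg: none` path.

```python
import base64
import json

GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
PIM_READ = "PrivilegedAccess.Read.AzureResources"
PIM_READWRITE = "PrivilegedAccess.ReadWrite.AzureResources"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS. No signature check: for inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def classify_token(token: str) -> dict:
    """Say whether the token is app-only or delegated and which PIM permissions it carries."""
    claims = decode_claims(token)
    scp = claims.get("scp")
    # Delegated tokens carry a space-separated 'scp'; app-only tokens carry a 'roles' array.
    delegated = [s for s in scp.split(" ") if s] if isinstance(scp, str) else []
    roles = list(claims.get("roles", []))
    if delegated:
        kind = "delegated"
    elif roles:
        kind = "app-only"
    else:
        kind = "unknown"
    perms = delegated or roles
    return {
        "kind": kind,
        "permissions": perms,
        "audience_is_graph": claims.get("aud") in GRAPH_AUDIENCES,
        "has_pim_read": PIM_READ in perms,
        "has_pim_readwrite": PIM_READWRITE in perms,
    }


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT for offline demonstration only."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "",  # empty signature segment
    ])


# Constructed sample tokens (not real Azure AD tokens).
APP_ONLY_READ = make_unsigned_token({
    "aud": "https://graph.microsoft.com",
    "roles": [PIM_READ],
})
DELEGATED_READWRITE = make_unsigned_token({
    "aud": "00000003-0000-0000-c000-000000000000",
    "scp": f"{PIM_READWRITE} User.Read",
})

if __name__ == "__main__":
    for name, tok in [("app-only", APP_ONLY_READ), ("delegated", DELEGATED_READWRITE)]:
        print(name, json.dumps(classify_token(tok), indent=2))
```

If the token turns out to be app-only with only `PrivilegedAccess.Read.AzureResources` in `roles` and the list call is still rejected, the rejection is about the permission the API enforces rather than a mis-issued token, which is the distinction the thread is trying to pin down.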