Forum Discussion
servicePrincipals?$expand=appRoleAssignedTo incomplete result
For an inventory script, I use servicePrincipals?$expand=appRoleAssignedTo to get all serviceprinciples including "approleassignedTo" info. To make an inventory of the approle assignments, I loop th...
$expand has known limitations, it returns 20 to 100 entries max. See for example here: https://developer.microsoft.com/en-us/graph/known-issues/?search=13635
Thanks for your answer!
sorry for the double post on the other forum, i couldn't remove it there.
I think this is the place for an issue like this.
back to the issue:
I added a counter to assignedroles for each app to the inventory script, to see if the max i got was 20. Weirdly enough it wasn't, from 250 apps with roles assigned, 10% of them had more 20 than assingedTo entries (up to 160).
The app where i noticed first some assignments were missing showed 10, but had 13 assignedTo entries in reality.
The limit in the documentation isn't as hard is it is stated it seems and with the app with only 13 assignments still missing some, it might be a different issue.
I'll dig a bit deeper to see if I can find the difference for all role assignment between $expand and direct query data.
performance is quite important to me, if i can find the lowest number of assignments that is correct, I'll trust that number, everything above I query directly.
ill share my findings here.
or did I overlook something?
sorry for the double post on the other forum, i couldn't remove it there.
I think this is the place for an issue like this.
back to the issue:
I added a counter to assignedroles for each app to the inventory script, to see if the max i got was 20. Weirdly enough it wasn't, from 250 apps with roles assigned, 10% of them had more 20 than assingedTo entries (up to 160).
The app where i noticed first some assignments were missing showed 10, but had 13 assignedTo entries in reality.
The limit in the documentation isn't as hard is it is stated it seems and with the app with only 13 assignments still missing some, it might be a different issue.
I'll dig a bit deeper to see if I can find the difference for all role assignment between $expand and direct query data.
performance is quite important to me, if i can find the lowest number of assignments that is correct, I'll trust that number, everything above I query directly.
ill share my findings here.
or did I overlook something?