User Profile
Qonnect
Copper Contributor
Joined 6 years ago
Recent Discussions
servicePrincipals?$expand=appRoleAssignedTo incomplete result
For an inventory script, I use servicePrincipals?$expand=appRoleAssignedTo to get all service principals including "approleassignedTo" info. To make an inventory of the approle assignments, I loop through all apps (~2250) and for each app, I loop through approles, and for each approle I loop through appRoleAssignedTo data. In my environment this results in ~3000 approle assignments. When I analyze the result, I estimate 5% of role assignments are missing. I do see all roles, just not all role assignments. When I look up a missing assignment in the Entra portal I do see it. The missing role assignments aren't special, they are assigned to normal Entra ID groups like other assigned approles. When I rerun the script, the same assignments are missing each time. When I don't use the $expand query parameter, but query the data directly using 'servicePrincipals/{id}/appRoleAssignedTo', I do get all assignments. Did I run into a bug?
333 Views, 0 likes, 3 Comments
unresolvable roledefinitionId in roleEligibilitySchedules
I query roleManagement/directory/roleEligibilitySchedules to make an inventory of all assigned Entra ID roles through Privileged Identity Management. Each role assignment has a property RoleDefinitionId, which refers to the id of the Entra ID role (a list I got from roleManagement/directory/roleDefinitions, it includes custom roles). My problem is that a RoleDefinitionId can only be found for built-in roles, not for custom roles. A custom role has a GUID that cannot be found/resolved anywhere it seems. Is this a bug? Or am I missing something? Cheers, Sem
Solved, 343 Views, 0 likes, 4 Comments