The Azure List governance Role API documentation indicates that we only need the Application | PrivilegedAccess.Read.AzureResources permission.
https://docs.microsoft.com/en-us/graph/api/governanceroleassignment-list?view=graph-rest-beta
However, when actually invoking that API with just the PrivilegedAccess.Read.AzureResources permission, we see an error as below - is this an issue with documentation or a product bug?
{ "error": { "code": "UnknownError", "message": "{\"errorCode\":\"PermissionScopeNotGranted\",\"message\":\"Authorization failed due to missing permission scope PrivilegedAccess.ReadWrite.AzureResources.\",\"target\":null,\"details\":null,\"innerError\":null,\"instanceAnnotations\":[],\"typeAnnotation\":null}", "innerError": { "request-id": "44bfc8bb-d502-4fb4-bd46-2855b53adf99", "date": "2020-05-11T15:51:22" } }}
io.cloudknox.plugins.azure.AzureRuntimeException: { "error": { "code": "UnknownError", "message": "{\"errorCode\":\"PermissionScopeNotGranted\",\"message\":\"Authorization failed due to missing permission scope PrivilegedAccess.ReadWrite.AzureResources.\",\"target\":null,\"details\":null,\"innerError\":null,\"instanceAnnotations\":[],\"typeAnnotation\":null}", "innerError": { "request-id": "44bfc8bb-d502-4fb4-bd46-2855b53adf99", "date": "2020-05-11T15:51:22" } }}
@pratima-cloudknox Thank you for bringing this to our attention. I will have the content team review the documentation and if the documentation requires an update, have a PR submitted to correctly reflect the necessary permissions.
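For anyone triaging the same mismatch, the following is an added example, not code from the issue or from Microsoft. It unwraps the doubly encoded error body quoted above and compares the permission the service asks for with the application permissions in the app-only token's `roles` claim. The function names and the unsigned sample token are constructed for illustration.

```python
import base64
import json

# Error body copied from the issue above; the inner "message" is itself a JSON string.
GRAPH_ERROR = r'''{ "error": { "code": "UnknownError", "message": "{\"errorCode\":\"PermissionScopeNotGranted\",\"message\":\"Authorization failed due to missing permission scope PrivilegedAccess.ReadWrite.AzureResources.\",\"target\":null,\"details\":null,\"innerError\":null,\"instanceAnnotations\":[],\"typeAnnotation\":null}", "innerError": { "request-id": "44bfc8bb-d502-4fb4-bd46-2855b53adf99", "date": "2020-05-11T15:51:22" } }}'''

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed, unsigned sample token holding only the documented read permission.
SAMPLE_TOKEN = ".".join([_b64({"alg": "none"}),
                         _b64({"roles": ["PrivilegedAccess.Read.AzureResources"]}),
                         "sig"])

def missing_scope(body):
    """Return the permission named in a PermissionScopeNotGranted error, else None."""
    outer = json.loads(body).get("error", {})
    try:
        inner = json.loads(outer.get("message", ""))
    except (json.JSONDecodeError, TypeError):
        return None  # message was plain text, not a nested JSON document
    if not isinstance(inner, dict) or inner.get("errorCode") != "PermissionScopeNotGranted":
        return None
    marker = "missing permission scope "
    text = inner.get("message") or ""
    if marker not in text:
        return None
    return text.split(marker, 1)[1].split()[0].rstrip(".")

def granted_app_permissions(access_token):
    """Read the 'roles' claim (application permissions) of an app-only token.
    Diagnostic use only: the signature is not verified here."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def diagnose(body, access_token):
    """Report whether the service demands a permission the token does not carry."""
    needed = missing_scope(body)
    granted = granted_app_permissions(access_token)
    return {"required_by_service": needed,
            "granted": sorted(granted),
            "gap": needed is not None and needed not in granted}

if __name__ == "__main__":
    print(json.dumps(diagnose(GRAPH_ERROR, SAMPLE_TOKEN), indent=2))
```

A reported gap means the call cannot succeed with the documented read-only grant; whether to consent to the broader write permission is a least-privilege decision to record rather than apply silently.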