Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AADAccessReviewPolicy is missing required permission 'AccessReview.Read.All' for Read #5353

Closed
mpoulson opened this issue Nov 7, 2024 · 1 comment

Comments

@mpoulson
Copy link
Contributor

mpoulson commented Nov 7, 2024

Description of the issue

AADAccessReviewPolicy calls Get-MgBetaPolicyAccessReviewPolicy which has a read requirement of permission 'AccessReview.Read.All' permission.

Microsoft 365 DSC Version

V1.24.1106.1

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

No response

Verbose logs showing the problem

[2024/11/06 08:09:56]
{InvalidOperation}
System.Exception: [] : Attempted to perform an unauthorized operation.
"Error during Export:"
at Get-MgBetaPolicyAccessReviewPolicy, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Beta.Identity.SignIns\2.24.0\exports\ProxyCmdletDefinitions.ps1: line 27329
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.1106.1\DSCResources\MSFT_AADAccessReviewPolicy\MSFT_AADAccessReviewPolicy.psm1: line 268
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.1106.1\Modules\M365DSCReverse.psm1: line 682
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.1106.1\Modules\M365DSCUtil.psm1: line 1460

Environment Information + PowerShell Version

No response

@NikCharlebois
Copy link
Collaborator

Actually, the permissions for the resource are:

"application": {
"read": [
{
"name": "Policy.Read.All"
}
],
"update": [
{
"name": "Policy.ReadWrite.AccessReview"
}
]
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants