Get-EntraServicePrincipalDelegatedPermissionClassification

Module:

Microsoft.Entra.Applications Module v1.3

Retrieve the delegated permission classification objects on a service principal.

Get-EntraServicePrincipalDelegatedPermissionClassification

 -ServicePrincipalId <String>
 [-Filter <String>]
 [-Property <String[]>]
 [<CommonParameters>]

Get-EntraServicePrincipalDelegatedPermissionClassification

 -ServicePrincipalId <String>
 -Id <String>
 [-Property <String[]>]
 [<CommonParameters>]

The Get-EntraServicePrincipalDelegatedPermissionClassification cmdlet retrieves the delegated permission classifications from a service principal.

Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $servicePrincipal.Id

Id Classification PermissionId PermissionName
-- -------------- ------------ --------------
bbbbbbbb-7777-8888-9999-cccccccccccc low eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All
cccccccc-8888-9999-0000-dddddddddddd low dddd3333-ee44-5555-66ff-777777aaaaaa profile

This command retrieves all delegated permission classifications from the service principal.

• -ServicePrincipalId parameter specifies the unique identifier of a service principal. Use Get-EntraServicePrincipal to get more details.

Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
$permissionClassification = Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $servicePrincipal.Id -Filter "PermissionName eq 'Sites.Read.All'"
Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $servicePrincipal.Id -Id $permissionClassification.Id

Id Classification PermissionId PermissionName
-- -------------- ------------ --------------
bbbbbbbb-7777-8888-9999-cccccccccccc low eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All

This command retrieves the delegated permission classification by Id from the service principal.

• -ServicePrincipalId parameter specifies the unique identifier of a service principal. Use Get-EntraServicePrincipal to get more details.
• -Id parameter specifies the delegated permission classification object Id.

Connect-Entra -Scopes 'Application.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $servicePrincipal.Id -Filter "PermissionName eq 'Sites.Read.All'"

Id Classification PermissionId PermissionName
-- -------------- ------------ --------------
bbbbbbbb-7777-8888-9999-cccccccccccc low eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All

This command retrieves the filtered delegated permission classifications from the service principal.

• -ServicePrincipalId parameter specifies the unique identifier of a service principal. Use Get-EntraServicePrincipal to get more details.
• -Id parameter specifies the delegated permission classification object Id.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.