#!/bin/bash
set -x
# Get all users
USERS=$(az ad user list -o tsv --query "[].id")
# Grant them the Azure Active Directory built-in role (not an Azure role!)
# The cf1c3... id comes from https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
# Specifically, it is the Application Developer role which has the "Template ID" in that table
# Loop variable is USER_ID rather than USER so the shell's own $USER is not overwritten
for USER_ID in $USERS; do
  echo "Granting Application Developer role to $USER_ID"
  az rest --method POST \
    --uri 'https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments' \
    --body '{"principalId": "'"${USER_ID}"'", "roleDefinitionId": "cf1c38e5-3621-4004-a7cb-879624dced7c", "directoryScopeId": "/"}'
done
# Most of the heavy lifting here comes from this article:
# https://medium.com/medialesson/assigning-azure-built-in-roles-vs-azure-ad-built-in-roles-with-azure-cli-d1cbf56fcdbe
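
An idempotent, dry-run-first variant of the loop above, added here as an example and not part of the original gist: it reads the role's current holders from the same Graph endpoint and builds requests only for users who lack the role. The function names and the `APPLY` switch are assumptions of this example, and the holder query reads only the first page of results.

```shell
#!/bin/bash
# Added example, not part of the original gist. Function names and the
# APPLY switch are hypothetical; the role ID and URI are the gist's own.
ROLE_ID="cf1c38e5-3621-4004-a7cb-879624dced7c"
GRAPH_URI='https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments'

# Accept only a canonical GUID, so nothing else is spliced into the JSON body.
is_guid() {
  case "$1" in ''|*[!0-9a-fA-F-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# Build the request body for one principal; fails on a malformed ID.
assignment_body() {
  is_guid "$1" || return 1
  printf '{"principalId": "%s", "roleDefinitionId": "%s", "directoryScopeId": "/"}' \
    "$1" "$ROLE_ID"
}

# Print the IDs in $1 that are absent from $2 (newline-separated lists).
missing_principals() {
  printf '%s\n' "$1" | while IFS= read -r id; do
    [ -n "$id" ] || continue
    printf '%s\n' "$2" | grep -qixF -- "$id" || printf '%s\n' "$id"
  done
}

# Principals that already hold the role (read-only query, first page only).
current_holders() {
  az rest --method GET \
    --uri "${GRAPH_URI}?\$filter=roleDefinitionId eq '${ROLE_ID}'" \
    --query "value[].principalId" -o tsv
}

main() {
  users=$(az ad user list -o tsv --query "[].id") || return 1
  holders=$(current_holders) || return 1
  for id in $(missing_principals "$users" "$holders"); do
    body=$(assignment_body "$id") || { echo "skipping malformed id: $id" >&2; continue; }
    if [ "${APPLY:-0}" = "1" ]; then
      az rest --method POST --uri "$GRAPH_URI" --body "$body"
    else
      echo "DRY RUN: would assign $ROLE_ID to $id"
    fi
  done
}

# Nothing runs unless the script is invoked with "run"; APPLY=1 sends the POSTs.
if [ "${1:-}" = "run" ]; then main; fi
```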