@pnp/cli-microsoft365 10.3.0-beta.cd20f0c → 10.3.0-beta.ea113b7

package/dist/m365/spo/commands/web/web-roleassignment-remove.js

@@ -11,6 +11,8 @@ import SpoCommand from '../../../base/SpoCommand.js';
 import commands from '../../commands.js';
 import spoGroupGetCommand from '../group/group-get.js';
 import spoUserGetCommand from '../user/user-get.js';
+import { entraGroup } from '../../../../utils/entraGroup.js';
+import { spo } from '../../../../utils/spo.js';
 class SpoWebRoleAssignmentRemoveCommand extends SpoCommand {
     get name() {
         return commands.WEB_ROLEASSIGNMENT_REMOVE;
@@ -44,15 +46,21 @@ class SpoWebRoleAssignmentRemoveCommand extends SpoCommand {
         try {
             if (options.upn) {
                 options.principalId = await this.getUserPrincipalId(options);
-                await this.removeRoleAssignmentWithOptions(logger, options);
             }
             else if (options.groupName) {
                 options.principalId = await this.getGroupPrincipalId(options);
-                await this.removeRoleAssignmentWithOptions(logger, options);
             }
-            else {
-                await this.removeRoleAssignmentWithOptions(logger, options);
+            else if (options.entraGroupId || options.entraGroupName) {
+                if (this.verbose) {
+                    await logger.logToStderr('Retrieving group information...');
+                }
+                const group = options.entraGroupId
+                    ? await entraGroup.getGroupById(options.entraGroupId)
+                    : await entraGroup.getGroupByDisplayName(options.entraGroupName);
+                const siteUser = await spo.ensureEntraGroup(options.webUrl, group);
+                options.principalId = siteUser.Id;
             }
+            await this.removeRoleAssignmentWithOptions(logger, options);
         }
         catch (err) {
             this.handleRejectedODataJsonPromise(err);
@@ -102,6 +110,8 @@ _SpoWebRoleAssignmentRemoveCommand_instances = new WeakSet(), _SpoWebRoleAssignm
             principalId: typeof args.options.principalId !== 'undefined',
             upn: typeof args.options.upn !== 'undefined',
             groupName: typeof args.options.groupName !== 'undefined',
+            entraGroupId: typeof args.options.entraGroupId !== 'undefined',
+            entraGroupName: typeof args.options.entraGroupName !== 'undefined',
             force: (!(!args.options.force)).toString()
         });
     });
@@ -114,6 +124,10 @@ _SpoWebRoleAssignmentRemoveCommand_instances = new WeakSet(), _SpoWebRoleAssignm
         option: '--upn [upn]'
     }, {
         option: '--groupName [groupName]'
+    }, {
+        option: '--entraGroupId [entraGroupId]'
+    }, {
+        option: '--entraGroupName [entraGroupName]'
     }, {
         option: '-f, --force'
     });
@@ -126,10 +140,13 @@ _SpoWebRoleAssignmentRemoveCommand_instances = new WeakSet(), _SpoWebRoleAssignm
         if (args.options.principalId && isNaN(args.options.principalId)) {
             return `Specified principalId ${args.options.principalId} is not a number`;
         }
+        if (args.options.entraGroupId && !validation.isValidGuid(args.options.entraGroupId)) {
+            return `'${args.options.entraGroupId}' is not a valid GUID for option entraGroupId.`;
+        }
         return true;
     });
 }, _SpoWebRoleAssignmentRemoveCommand_initOptionSets = function _SpoWebRoleAssignmentRemoveCommand_initOptionSets() {
-    this.optionSets.push({ options: ['principalId', 'upn', 'groupName'] });
+    this.optionSets.push({ options: ['principalId', 'upn', 'groupName', 'entraGroupId', 'entraGroupName'] });
 };
 export default new SpoWebRoleAssignmentRemoveCommand();
 //# sourceMappingURL=web-roleassignment-remove.js.map

package/dist/m365/spo/commands.js

@@ -137,6 +137,7 @@ export default {
     LIST_CONTENTTYPE_LIST: `${prefix} list contenttype list`,
     LIST_CONTENTTYPE_REMOVE: `${prefix} list contenttype remove`,
     LIST_CONTENTTYPE_DEFAULT_SET: `${prefix} list contenttype default set`,
+    LIST_DEFAULTVALUE_LIST: `${prefix} list defaultvalue list`,
     LIST_GET: `${prefix} list get`,
     LIST_LIST: `${prefix} list list`,
     LIST_REMOVE: `${prefix} list remove`,

package/dist/utils/customAppScope.js

@@ -0,0 +1,29 @@
+import { cli } from '../cli/cli.js';
+import { formatting } from './formatting.js';
+import { odata } from './odata.js';
+export const customAppScope = {
+    /**
+     * Get a custom application scope by its name
+     * @param displayName Custom application scope display name.
+     * @param properties Comma-separated list of properties to include in the response.
+     * @returns The custom application scope.
+     * @throws Error when role definition was not found.
+     */
+    async getCustomAppScopeByDisplayName(displayName, properties) {
+        let url = `https://graph.microsoft.com/beta/roleManagement/exchange/customAppScopes?$filter=displayName eq '${formatting.encodeQueryParameter(displayName)}'`;
+        if (properties) {
+            url += `&$select=${properties}`;
+        }
+        const customAppScopes = await odata.getAllItems(url);
+        if (customAppScopes.length === 0) {
+            throw `The specified custom application scope '${displayName}' does not exist.`;
+        }
+        if (customAppScopes.length > 1) {
+            const resultAsKeyValuePair = formatting.convertArrayToHashTable('id', customAppScopes);
+            const selectedCustomAppScope = await cli.handleMultipleResultsFound(`Multiple custom application scopes with name '${displayName}' found.`, resultAsKeyValuePair);
+            return selectedCustomAppScope;
+        }
+        return customAppScopes[0];
+    }
+};
+//# sourceMappingURL=customAppScope.js.map

package/dist/utils/entraServicePrincipal.js

@@ -0,0 +1,46 @@
+import { odata } from './odata.js';
+import { formatting } from './formatting.js';
+import { cli } from '../cli/cli.js';
+export const entraServicePrincipal = {
+    /**
+     * Get service principal by its appId
+     * @param appId App id.
+     * @param properties Comma-separated list of properties to include in the response.
+     * @returns The service principal.
+     * @throws Error when service principal was not found.
+     */
+    async getServicePrincipalByAppId(appId, properties) {
+        let url = `https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq '${appId}'`;
+        if (properties) {
+            url += `&$select=${properties}`;
+        }
+        const apps = await odata.getAllItems(url);
+        if (apps.length === 0) {
+            throw `Service principal with appId '${appId}' not found in Microsoft Entra ID`;
+        }
+        return apps[0];
+    },
+    /**
+     * Get service principal by its name
+     * @param appName Service principal name.
+     * @param properties Comma-separated list of properties to include in the response.
+     * @returns The service principal.
+     * @throws Error when service principal was not found.
+     */
+    async getServicePrincipalByAppName(appName, properties) {
+        let url = `https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName eq '${formatting.encodeQueryParameter(appName)}'`;
+        if (properties) {
+            url += `&$select=${properties}`;
+        }
+        const apps = await odata.getAllItems(url);
+        if (apps.length === 0) {
+            throw `Service principal with name '${appName}' not found in Microsoft Entra ID`;
+        }
+        if (apps.length > 1) {
+            const resultAsKeyValuePair = formatting.convertArrayToHashTable('id', apps);
+            return await cli.handleMultipleResultsFound(`Multiple service principals with name '${appName}' found in Microsoft Entra ID.`, resultAsKeyValuePair);
+        }
+        return apps[0];
+    }
+};
+//# sourceMappingURL=entraServicePrincipal.js.map

package/dist/utils/powerPlatform.js

@@ -1,5 +1,7 @@
+import { cli } from "../cli/cli.js";
 import request from "../request.js";
 import { formatting } from "./formatting.js";
+import { odata } from "./odata.js";
 const powerPlatformResource = 'https://api.bap.microsoft.com';
 export const powerPlatform = {
     async getDynamicsInstanceApiUrl(environment, asAdmin) {
@@ -24,6 +26,42 @@ export const powerPlatform = {
         catch (ex) {
             throw Error(`The environment '${environment}' could not be retrieved. See the inner exception for more details: ${ex.message}`);
         }
+    },
+    async getWebsiteById(environment, id) {
+        const requestOptions = {
+            url: `https://api.powerplatform.com/powerpages/environments/${environment}/websites/${id}?api-version=2022-03-01-preview`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json'
+        };
+        try {
+            const response = await request.get(requestOptions);
+            return response;
+        }
+        catch (ex) {
+            throw Error(`The specified Power Page website with id '${id}' does not exist.`);
+        }
+    },
+    async getWebsiteByName(environment, websiteName) {
+        const response = await odata.getAllItems(`https://api.powerplatform.com/powerpages/environments/${environment}/websites?api-version=2022-03-01-preview`);
+        const items = response.filter(response => response.name === websiteName);
+        if (items.length === 0) {
+            throw Error(`The specified Power Page website '${websiteName}' does not exist.`);
+        }
+        if (items.length > 1) {
+            const resultAsKeyValuePair = formatting.convertArrayToHashTable('websiteUrl', items);
+            return cli.handleMultipleResultsFound(`Multiple Power Page websites with name '${websiteName}' found`, resultAsKeyValuePair);
+        }
+        return items[0];
+    },
+    async getWebsiteByUrl(environment, url) {
+        const response = await odata.getAllItems(`https://api.powerplatform.com/powerpages/environments/${environment}/websites?api-version=2022-03-01-preview`);
+        const items = response.filter(response => response.websiteUrl === url);
+        if (items.length === 0) {
+            throw Error(`The specified Power Page website with url '${url}' does not exist.`);
+        }
+        return items[0];
     }
 };
 //# sourceMappingURL=powerPlatform.js.map

package/dist/utils/roleDefinition.js

@@ -46,6 +46,29 @@ export const roleDefinition = {
             responseType: 'json'
         };
         return await request.get(requestOptions);
+    },
+    /**
+     * Get an Exchange role by its name
+     * @param displayName Role definition display name.
+     * @param properties Comma-separated list of properties to include in the response.
+     * @returns The role definition.
+     * @throws Error when role definition was not found.
+     */
+    async getExchangeRoleDefinitionByDisplayName(displayName, properties) {
+        let url = `https://graph.microsoft.com/beta/roleManagement/exchange/roleDefinitions?$filter=displayName eq '${formatting.encodeQueryParameter(displayName)}'`;
+        if (properties) {
+            url += `&$select=${properties}`;
+        }
+        const roleDefinitions = await odata.getAllItems(url);
+        if (roleDefinitions.length === 0) {
+            throw `The specified role definition '${displayName}' does not exist.`;
+        }
+        if (roleDefinitions.length > 1) {
+            const resultAsKeyValuePair = formatting.convertArrayToHashTable('id', roleDefinitions);
+            const selectedRoleDefinition = await cli.handleMultipleResultsFound(`Multiple role definitions with name '${displayName}' found.`, resultAsKeyValuePair);
+            return selectedRoleDefinition;
+        }
+        return roleDefinitions[0];
     }
 };
 //# sourceMappingURL=roleDefinition.js.map

package/dist/utils/validation.js

@@ -357,6 +357,10 @@ export const validation = {
             .split(' ')
             .filter(permission => permission.indexOf('/') < 0);
         return invalidPermissions.length > 0 ? invalidPermissions : true;
+    },
+    isValidPowerPagesUrl(url) {
+        const powerPagesUrlPattern = /^https:\/\/[a-zA-Z0-9-]+\.powerappsportals\.com$/;
+        return powerPagesUrlPattern.test(url);
     }
 };
 //# sourceMappingURL=validation.js.map

package/docs/docs/cmd/entra/pim/pim-role-assignment-remove.mdx

@@ -0,0 +1,197 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# entra pim role assignment remove
+
+Request deactivation of an Entra role assignment for a user or group.
+
+## Usage
+
+```sh
+m365 entra pim role assignment remove [options]
+```
+
+## Options
+
+```md definition-list
+`-n, --roleDefinitionName [roleDefinitionName]`	
+: Name of the role definition that should be assigned. Specify either `roleDefinitionName` or `roleDefinitionId` but not both.
+
+`-i, --roleDefinitionId [roleDefinitionId]`	
+: Id of the role definition that is being assigned. Specify either `roleDefinitionName` or `roleDefinitionId` but not both.
+
+`--userId [userId]`	
+: Id of the user that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--userName [userName]`	
+: UPN of the user that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--groupId [groupId]`
+: Id of the group that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--groupName [groupName]`
+: Display name of the group that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--administrativeUnitId [administrativeUnitId]`
+: Id of the administrative unit representing the scope of the assignment. Specify either `administrativeUnitId` or `applicationId`. If not specified, default scope will be tenant-wide.
+
+`--applicationId [applicationId]`
+: Object Id of the application representing the scope of the assignment. Specify either `administrativeUnitId` or `applicationId`. If not specified, default scope will be tenant-wide.
+
+`-j, --justification [justification]`
+: An optional justification message.
+
+`--ticketNumber [ticketNumber]`
+: Optional ticket number value to communicate with the request.
+
+`--ticketSystem [ticketSystem]`
+: Optional ticket system to communicate with the request.
+```
+
+<Global />
+
+## Remarks
+
+:::info
+
+When deactivating a role for other users, you must be **Privileged Role Administrator**.
+
+:::
+
+## Examples
+
+Request deactivation of the SharePoint Administrator Entra role assignment for the current user.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionName 'SharePoint Administrator'
+```
+
+Request deactivation of an Entra role assignment for the current user.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690'
+```
+
+Request deactivation of an Entra role assignment for the current user with a justification
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --justification 'Need Global Admin to release application xyz to production'
+```
+
+Request deactivation of an Entra role assignment for a specified user with tenant scope.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --userId '3488d6b8-6b2e-41c3-9583-1991205323c2'
+```
+
+Request deactivation of the User Administrator Entra role assignment for a specified group with administrative unit scope.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionName 'User Administrator' --groupId '3488d6b8-6b2e-41c3-9583-1991205323c2' --administrativeUnitId '03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7'
+```
+
+Request deactivation of the Application Administrator Entra role assignment for a specified group with scope to a specific application.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionName 'Application Administrator' --groupName 'Applications admins' --applicationId '03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7'
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  {
+    "id": "3f7d1bd6-a9a5-45bc-b831-00cfa3e3c649",
+    "status": "Revoked",
+    "createdDateTime": "2024-07-30T12:08:29.7734603Z",
+    "completedDateTime": null,
+    "approvalId": null,
+    "customData": null,
+    "action": "adminRemove",
+    "principalId": "61b0c52f-a902-4769-9a09-c6628335b00a",
+    "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c",
+    "directoryScopeId": "/",
+    "appScopeId": null,
+    "isValidationOnly": false,
+    "targetScheduleId": null,
+    "justification": "Removing SharePoint Administrator role",
+    "createdBy": {
+      "application": null,
+      "device": null,
+      "user": {
+        "displayName": null,
+        "id": "893f9116-e024-4bc6-8e98-54c245129485"
+      }
+    },
+    "scheduleInfo": null,
+    "ticketInfo": {
+      "ticketNumber": null,
+      "ticketSystem": null
+    }
+  }
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  action           : adminRemove
+  appScopeId       : null
+  approvalId       : null
+  completedDateTime: null
+  createdBy        : null
+  createdDateTime  : 2024-07-30T12:08:29.7734603Z
+  customData       : null
+  directoryScopeId : /
+  id               : c221e106-0711-470a-83cf-f8d7cbc51ecd
+  isValidationOnly : false
+  justification    : Removing SharePoint Administrator role
+  principalId      : 61b0c52f-a902-4769-9a09-c6628335b00a
+  roleDefinitionId : f28a1f50-f6e7-4571-818b-6a12f2af6b6c
+  scheduleInfo     : null
+  status           : Revoked
+  targetScheduleId : c221e106-0711-470a-83cf-f8d7cbc51ecd
+  ticketInfo       : {"ticketNumber":null,"ticketSystem":null}
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,status,createdDateTime,completedDateTime,approvalId,customData,action,principalId,roleDefinitionId,directoryScopeId,appScopeId,isValidationOnly,targetScheduleId,justification
+  7d727f44-c2dd-459e-8665-99ce003d12a9,Revoked,2024-07-30T12:08:29.7734603Z,,,,adminRemove,61b0c52f-a902-4769-9a09-c6628335b00a,f28a1f50-f6e7-4571-818b-6a12f2af6b6c,/,,,7d727f44-c2dd-459e-8665-99ce003d12a9,Removing SharePoint Administrator role
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # entra pim roleassignment remove --roleDefinitionId "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" --userId "61b0c52f-a902-4769-9a09-c6628335b00a" --justification "Removing SharePoint Administrator role"
+
+  Date: 7/30/2024
+
+  ## 7622802f-648b-4dd9-820f-dccaf8bbbab5
+
+  Property | Value
+  ---------|-------
+  id | 7622802f-648b-4dd9-820f-dccaf8bbbab5
+  status | Revoked
+  createdDateTime | 2024-07-30T12:08:29.7734603Z
+  action | adminRemove
+  principalId | 61b0c52f-a902-4769-9a09-c6628335b00a
+  roleDefinitionId | f28a1f50-f6e7-4571-818b-6a12f2af6b6c
+  directoryScopeId | /
+  isValidationOnly | false
+  targetScheduleId | 7622802f-648b-4dd9-820f-dccaf8bbbab5
+  justification | Removing SharePoint Administrator role
+  ```
+
+  </TabItem>
+</Tabs>
+
+## More information
+
+- Role assignment request: https://learn.microsoft.com/graph/api/rbacapplication-post-roleassignmentschedulerequests

package/docs/docs/cmd/exo/approleassignment/approleassignment-add.mdx

@@ -0,0 +1,170 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# exo approleassignment add
+
+Grants permissions to an application that's accessing data in Exchange Online and specify which mailboxes an app can access.
+
+## Usage
+
+```sh
+m365 exo approleassignment add [options]
+```
+
+## Options
+
+```md definition-list
+`--roleDefinitionId [roleDefinitionId]`
+: Id of a role to be assigned. Specify either `roleDefinitionId` or `roleDefinitionName`, but not both.
+
+`--roleDefinitionName [roleDefinitionName]`
+: Name of a role to be assigned. Specify either `roleDefinitionId` or `roleDefinitionName`, but not both.
+
+`--principalId [principalId]`
+: Id of a service principal to which the assignment is granted. Specify either `principalId` or `principalName`, but not both.
+
+`--principalName [principalName]`
+: Name of a service principal to which the assignment is granted. Specify either `principalId` or `principalName`, but not both.
+
+`-s, --scope <scope>`	
+: Scope of the roleassignment. Allowed values are: `tenant`, `administrativeUnit`, `group`, `user`, `custom`.
+
+`--userId [userId]`	
+: Id of a user to which the assignment is scoped. Specify either `userId` or `userName` when scope is set to `user`.
+
+`--userName [userName]`
+: UPN of a user to which the assignment is scoped. Specify either `userId` or `userName` when scope is set to `user`.
+
+`--groupId [groupId]`
+: Id of a group to which the assignment is scoped. Specify either `groupId` or `groupName` when scope is set to `group`.
+
+`--groupName [groupName]`
+: Name of a group to which the assignment is scoped. Specify either `groupId` or `groupName` when scope is set to `group`.
+
+`--administrativeUnitId [administrativeUnitId]`
+: Id of an administrative unit to which the assignment is scoped. Specify either `administrativeUnitId` or `administrativeUnitName` when scope is set to `administrativeUnit`.
+
+`--administrativeUnitName [administrativeUnitName]`
+: Name of an administrative unit to which the assignment is scoped. Specify either `administrativeUnitId` or `administrativeUnitName` when scope is set to `administrativeUnit`.
+
+`--customAppScopeId [customAppScopeId]`
+: Id of a custom application scope to which the assignment is scoped. Specify either `customAppScopeId` or `customAppScopeName` when scope is set to `custom`.
+
+`--customAppScopeName [customAppScopeName]`
+: Name of a custom application scope to which the assignment is scoped. Specify either `customAppScopeId` or `customAppScopeName` when scope is set to `custom`.
+```
+
+<Global />
+
+## Remarks
+
+:::info
+
+To use this command you must be at least **Privileged Role Administrator**.
+
+:::
+
+## Examples
+
+Assign a role specified by id to a service principal specified by id and scope the assignment to the whole tenant
+
+```sh
+m365 exo approleassignment add --roleDefinitionId 777b752-f9b7-4205-a2b1-5db0d6a0ccfc --principalId 7a2ca997-9461-402e-9882-58088a370889 --scope tenant
+```
+
+Assign a role specified by id to a service principal specified by id and scope the assignment to a user specified by id
+
+```sh
+m365 exo approleassignment add --roleDefinitionId 777b752-f9b7-4205-a2b1-5db0d6a0ccfc --principalId 7a2ca997-9461-402e-9882-58088a370889 --scope user --userId a4738dd8-fc0f-4646-87fb-47539f5c651b
+```
+
+Assign a role specified by name to a service principal specified by name and scope the assignment to a group specified by name
+
+```sh
+m365 exo approleassignment add --roleDefinitionName 'Application Contacts.ReadWrite' --principalName 'ContactsSyncApp' --scope group --groupName 'Marketing'
+```
+
+Assign a role specified by name to a service principal specified by id and scope the assignment to an administrative unit specified by name
+
+```sh
+m365 exo approleassignment add --roleDefinitionName 'Application Calendars.Read' --principalId fa631c4d-ac9f-4884-a7f5-13c659d177e3 --scope administrativeUnit --administrativeUnitName 'Equipment - EMEA'
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  {
+    "id": "6615d221-3834-4f8f-bbc9-7d0d23620a8e",
+    "principalId": "/ServicePrincipals/e483a0d9-8440-455e-8f9a-b9cac6b8b0ef",
+    "roleDefinitionId": "1f704712-7d46-481f-b2cd-dbcc978c4f2a",
+    "directoryScopeId": "/",
+    "appScopeId": null
+  }
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  appScopeId      : null
+  directoryScopeId: /
+  id              : 6615d221-3834-4f8f-bbc9-7d0d23620a8e
+  principalId     : /ServicePrincipals/e483a0d9-8440-455e-8f9a-b9cac6b8b0ef
+  roleDefinitionId: 1f704712-7d46-481f-b2cd-dbcc978c4f2a
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,principalId,roleDefinitionId,directoryScopeId,appScopeId
+  6615d221-3834-4f8f-bbc9-7d0d23620a8e,/ServicePrincipals/e483a0d9-8440-455e-8f9a-b9cac6b8b0ef,1f704712-7d46-481f-b2cd-dbcc978c4f2a,/,
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # exo approleassignment add --debug "false" --verbose "false" --roleDefinitionId "1f704712-7d46-481f-b2cd-dbcc978c4f2a" --principalId "e483a0d9-8440-455e-8f9a-b9cac6b8b0ef" --scope tenant
+
+  Date: 10/3/2024
+
+  ## 6615d221-3834-4f8f-bbc9-7d0d23620a8e
+
+  Property | Value
+  ---------|-------
+  id | 6615d221-3834-4f8f-bbc9-7d0d23620a8e
+  principalId | /ServicePrincipals/e483a0d9-8440-455e-8f9a-b9cac6b8b0ef
+  roleDefinitionId | 1f704712-7d46-481f-b2cd-dbcc978c4f2a
+  directoryScopeId | /
+  ```
+
+  </TabItem>
+</Tabs>
+
+## More information
+
+- Role assignment: https://learn.microsoft.com/graph/api/rbacapplication-post-roleassignments?view=graph-rest-beta
+
+The table below lists the available roles and their corresponding ids that are accepted by the `roleDefinitionId` and `roleDefinitionName` parameters.
+
+|Role Definition Id | Role Definition Name |
+| --- | --- |
+|1f704712-7d46-481f-b2cd-dbcc978c4f2a|Application Mail.Read|
+|3eca55c8-0e73-4c12-81bf-526549f2e5a3|Application Mail.ReadBasic|
+|82fd214e-61ca-4dc7-98f6-090700bdb205|Application Mail.ReadWrite|
+|8679f4ff-c91d-40d0-809c-c86d114821a5|Application Mail.Send|
+|c40299e0-2107-455f-85dd-6e8862c3a0cc|Application MailboxSettings.Read|
+|459cb245-07c5-44f1-8133-3da40b4b6197|Application MailboxSettings.ReadWrite|
+|a3123d4e-4256-4ad0-bef0-205a00807fae|Application Calendars.Read|
+|b92761c0-5311-4908-92ca-2c1f8c71aa1c|Application Calendars.ReadWrite|
+|9b87c446-d3c1-4146-9d39-45ae63b4eeb7|Application Contacts.Read|
+|265cabb3-13d9-4e05-b2cd-460cfa7ad3cc|Application Contacts.ReadWrite|
+|b49ae303-7a8f-4ba1-aa37-27b40461aabb|Application Mail Full Access|
+|48d6a78c-0681-4d73-acec-9f9ffad56ddb|Application Exchange Full Access|
+
+More info about supported application roles: https://learn.microsoft.com/exchange/permissions-exo/application-rbac#supported-application-roles