Hi Abdulrahman Elheyb, and thanks for posting this question.
You can actually use the Graph API for PIM approvals with app-only tokens; it's way more flexible here. Check the Graph API docs for 'list privilegedAccess' and 'roleAssignmentApproval' - they support app permissions like 'privilegedaccess.readwrite.azureresources'. You might need to tweak your app registration in Azure AD to add these permissions, but it should work like a charm )
Aha, and if you're stuck with management.azure.com... yeah, that's a bummer, it really wants that user token.
By the way, for general stuff... try breaking down the auth flow. Sometimes mixing delegated and app permissions does the trick. Also check if your token has the right 'aud' claim - management.azure.com can be picky about that. This might help in other tools too ))
Worth looking into service principals with higher privileges, but be careful, don't go wild with permissions haha. And hey, if the Graph API works for you, maybe just roll with it? It's cleaner for app-only scenarios anyway.
Let me know if it helps,
Regards,
Alex
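
The 'aud' check suggested in the answer above can be done offline before sending a token anywhere. The following is an added example, not part of Alex's post or of any Microsoft tooling: it decodes a token's payload without verifying the signature and reports the audience and whether the token is delegated (`scp`) or app-only (`roles` / optional `idtyp`). The helper names and the sample tokens are constructed for illustration, and ignoring case and a trailing slash in the audience comparison is an assumption of this helper.

```python
import base64
import json


def decode_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_token(token, expected_aud):
    """Report the audience match and whether the token is delegated or app-only."""
    claims = decode_claims(token)
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    # Assumption of this helper: compare ignoring case and a trailing slash.
    want = expected_aud.rstrip("/").lower()
    aud_ok = any(str(a).rstrip("/").lower() == want for a in auds if a)
    if "scp" in claims:          # delegated: scopes granted on behalf of a user
        kind = "delegated"
    elif "roles" in claims or claims.get("idtyp") == "app":
        kind = "app-only"        # application permissions, no user context
    else:
        kind = "unknown"
    return {"aud": aud, "aud_ok": aud_ok, "kind": kind,
            "permissions": claims.get("scp", "").split() or claims.get("roles", [])}


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


# Constructed samples: an app-only Graph token and a delegated ARM token.
APP_ONLY = make_sample_token({"aud": "https://graph.microsoft.com",
                              "roles": ["PrivilegedAccess.ReadWrite.AzureResources"]})
DELEGATED = make_sample_token({"aud": "https://management.azure.com/",
                               "scp": "user_impersonation"})

if __name__ == "__main__":
    for name, tok in (("app-only", APP_ONLY), ("delegated", DELEGATED)):
        print(name, describe_token(tok, "https://management.azure.com"))
```

Treat any real token passed to this as a secret: decode it locally and keep it out of logs and online decoders.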