No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi Everyone - I am new to Pulumi and currently attempting to Grant Consent to app roles of an app registration but I am getting the following error message when creating the app role assignment.

Could not retrieve service principal for resource (Object ID: "{myIBjectId}"): ServicePrincipalsClient.BaseClient.Get(): unexpected status 403 with OData error: Authorization_RequestDenied: Insufficient privileges to complete the operation.

`new Pulumi.AzureAD.AppRoleAssignment(role.DisplayName, new AppRoleAssignmentArgs`
`{`
	`AppRoleId = role.Id,`
	`PrincipalObjectId = app.ObjectId,`
	`ResourceObjectId = external.Apply(x => x.ObjectId),`
`});`

The service principal used to provision the Pulumi resources has the Administrator permissions and also has the following Graph permissions:
• Application.ReadWrite.All
• AppRoleAssignment.ReadWrite.All
• Directory.ReadWrite.All
