# getting-started


02/21/2024, 12:18 PM
Hi Everyone - I am new to Pulumi and currently attempting to Grant Consent to app roles of an app registration but I am getting the following error message when creating the app role assignment. Could not retrieve service principal for resource (Object ID: "{myIBjectId}"): ServicePrincipalsClient.BaseClient.Get(): unexpected status 403 with OData error: Authorization_RequestDenied: Insufficient privileges to complete the operation.
new Pulumi.AzureAD.AppRoleAssignment(role.DisplayName, new AppRoleAssignmentArgs
AppRoleId = role.Id,
PrincipalObjectId = app.ObjectId,
ResourceObjectId = external.Apply(x => x.ObjectId),
The service principal used to provision the Pulumi resources has the Administrator permissions and also has the following Graph permissions: • Application.ReadWrite.All • AppRoleAssignment.ReadWrite.All • Directory.ReadWrite.All