starred/CIPP
1
0
Fork 0
mirror of https://github.com/KelvinTegelaar/CIPP.git synced 2026-04-25 08:16:01 +03:00
Code Issues 20 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #3989] [Bug]: Deploying multiple multitenant Apps in one standard Fails to apply permissions #1793

New issue
Closed
opened 2026-03-02 13:47:07 +03:00 by kerem · 4 comments
kerem commented 2026-03-02 13:47:07 +03:00
Owner
Copy link

Originally created by @mruiterHU on GitHub (Apr 18, 2025).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/3989

Required confirmations before submitting

  • I can reproduce this issue on the latest released versions of both CIPP and CIPP-API.
  • I have searched existing issues (both open and closed) to avoid duplicates.
  • I am not requesting general support; this is an actual bug report.

Issue Description

We have two multitenant applications originating from our partner tenant, each serving a different use case. Until now, we’ve been deploying them using two separate standards:

  • One standard with Deploy Application X
  • Another standard with Deploy Application Y

This setup works as expected, both apps are successfully deployed to the target tenants with the correct permissions (see screenshot for reference).

The Issue
We would now like to reorganize and consolidate these into a single standard that deploys both applications. According to the documentation, this should be possible by using a comma-separated list of App IDs in the standard.

Image

However, when running the standard with both App IDs:

  • The service principals are created in the target tenant.
  • But the permissions are not applied.
  • Re-running the standard has no effect — permissions remain missing.
  • The following error is shown in the logbook (see attached screenshot):
    Failed to add app (appid). Error: Invalid object identifier 'oauth2PermissionGrants'.

Image

rvdwegen suggested the issue might be related to how $AppExists is handled in the script.

Additional Information

  • Both applications are multitenant apps created in our partner tenant.
  • They’ve been in use for several months via their own individual standards.
  • When deployed individually, they are added with the correct permissions no issues.
  • The problem only occurs when combining both apps into one standard using the comma-separated list.

Image

sponsering via: https://github.com/hypecipp

Environment Type

Sponsored (paying) user

Front End Version

7.5.1

Back End Version

7.5.1

Relevant Logs / Stack Trace
Originally created by @mruiterHU on GitHub (Apr 18, 2025). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/3989 ### Required confirmations before submitting - [x] **I can reproduce this issue on the latest released versions** of both CIPP and CIPP-API. - [x] **I have searched existing issues** (both open and closed) to avoid duplicates. - [x] I am **not** requesting general support; this is an actual bug report. ### Issue Description We have two multitenant applications originating from our partner tenant, each serving a different use case. Until now, we’ve been deploying them using two separate standards: - One standard with Deploy Application X - Another standard with Deploy Application Y This setup works as expected, both apps are successfully deployed to the target tenants with the correct permissions (see screenshot for reference). **The Issue** We would now like to reorganize and consolidate these into a single standard that deploys both applications. According to the documentation, this should be possible by using a comma-separated list of App IDs in the standard. ![Image](https://github.com/user-attachments/assets/2868016d-0547-4e12-8f49-c45e2845574f) However, when running the standard with both App IDs: - The service principals are created in the target tenant. - But the permissions are not applied. - Re-running the standard has no effect — permissions remain missing. - The following error is shown in the logbook (see attached screenshot): Failed to add app (appid). Error: Invalid object identifier 'oauth2PermissionGrants'. ![Image](https://github.com/user-attachments/assets/921ca71e-d0ac-4431-a6b9-8b77e21b748c) rvdwegen suggested the issue might be related to how $AppExists is handled in the script. **Additional Information** - Both applications are multitenant apps created in our partner tenant. - They’ve been in use for several months via their own individual standards. - When deployed individually, they are added with the correct permissions no issues. - The problem only occurs when combining both apps into one standard using the comma-separated list. ![Image](https://github.com/user-attachments/assets/4cba9e4d-8e44-4c96-a8dd-9aa2876ec2ab) sponsering via: https://github.com/hypecipp ### Environment Type Sponsored (paying) user ### Front End Version 7.5.1 ### Back End Version 7.5.1 ### Relevant Logs / Stack Trace ```plaintext ```
kerem commented 2026-03-02 13:47:08 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Apr 18, 2025):

Thank you for reporting a potential bug. If you would like to work on this bug, please comment:

I would like to work on this please!

Thank you for helping us maintain the project!

<!-- gh-comment-id:2815286244 --> @github-actions[bot] commented on GitHub (Apr 18, 2025): Thank you for reporting a potential bug. If you would like to work on this bug, please comment: > I would like to work on this please! Thank you for helping us maintain the project!
kerem commented 2026-03-02 13:47:09 +03:00
Author
Owner
Copy link

@ndit-dev commented on GitHub (Apr 18, 2025):

+1 started deploying two apps through standards today, first app worked as expected. But get the same error as OP when the second app is added

<!-- gh-comment-id:2815667906 --> @ndit-dev commented on GitHub (Apr 18, 2025): +1 started deploying two apps through standards today, first app worked as expected. But get the same error as OP when the second app is added
kerem commented 2026-03-02 13:47:09 +03:00
Author
Owner
Copy link

@Zacgoose commented on GitHub (May 2, 2025):

+1 as well, might have a look into this if I get time

<!-- gh-comment-id:2847619565 --> @Zacgoose commented on GitHub (May 2, 2025): +1 as well, might have a look into this if I get time
kerem commented 2026-03-02 13:47:09 +03:00
Author
Owner
Copy link

@KelvinTegelaar commented on GitHub (May 28, 2025):

We've made massive changes to how this works, fixed in dev, but I recommend switching over to templates instead of comma separated :)

<!-- gh-comment-id:2916043210 --> @KelvinTegelaar commented on GitHub (May 28, 2025): We've made massive changes to how this works, fixed in dev, but I recommend switching over to templates instead of comma separated :)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
docs
dev
dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42
dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2
dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0
dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2
dependabot/npm_and_yarn/dev/recharts-3.8.1
dependabot/github_actions/dev/actions/setup-node-6.4.0
copilot/add-alert-for-report-only-ca
release/beta
release/nightly
docs-maintenance
v10.4.0
v10.3.0
v10.2.0
v10.1.0
v10.0.0
v8.8.0
v8.7.0
v8.6.0
v8.5.0
v8.4.0
v8.3.0
v8.2.0
v8.1.0
v8.0.0
v7.5.0
v7.4.0
v7.3.0
v7.2.0
v7.1.0
v7.0.1
v6.4.0
v6.3.0
v6.2.0
v6.1.0
v6.0.0
v5.9.0
v5.8.5
v5.8.0
v5.7.0
v5.6.0
v5.5.0
v5.4.0
v5.3.0
v5.2.0
v5.1.0
v5.0.0
v4.9.0
v4.8.0
v4.7.0
v.4.6.0
v4.5.0
v4.4.0
v4.3.0
v4.2.0
v4.1.0
v4.0.0
v3.8.0
v3.7.0
v3.6.0
v3.5.0
v3.4.0
v3.3.0
v3.2.0
v3.1.0
v3.0.0
v2.20.0
v2.19.0
v2.18.0
v2.17.0
v2.16.0
v2.15.0
v2.13.0
v2.12.0
v2.11.2
v2.1.11.0
v.2.10.0
v2.9.0
v2.8.0
v2.7.0
v2.6.0
v2.5.5
v2.5.0
v2.4.0
v.2.3.0
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.1
2.0.0
v1.5.1
v1.5.0
v1.4.3
v1.4.2
v1.4.0
v1.3.0
v1.2.1
v1.2.0
1.1.0
release
Labels
Clear labels   
API

   
Feature

   
NotABug

   
NotABug

   
Planned

   
Sponsor Priority

   
Sponsor Priority

   
bug

   
documentation

   
duplicate

   
enhancement

   
needs more info

   
no-activity

   
no-priority

   
not-assigned

   
pull-request

Mirrored from GitHub Pull Request

  
react-conversion

   
react-conversion

   
roadmap

   
security

   
stale

   
unconfirmed-by-user

   
unconfirmed-by-user

   
wontfix
No labels
API
Feature
NotABug
NotABug
Planned
Sponsor Priority
Sponsor Priority
bug
documentation
duplicate
enhancement
needs more info
no-activity
no-priority
not-assigned
pull-request
react-conversion
react-conversion
roadmap
security
stale
unconfirmed-by-user
unconfirmed-by-user
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/CIPP#1793
No description provided.