I have been testing the Azure Service Engine in Vault, where I have configured the Vault role to create a new service principal for Azure roles. This is as described in the following tutorial page:
For the original app registration, I have also added API permissions, for example the “user_impersonation” permission for “Azure Service Management”.
I noticed however, that for the new service principal being created, the permission as defined in the original app registration is not copied over to it.
Is there any additional configuration required for supporting this use case?