Merge pull request #48590 from abhijeetsinha/patch-2

ktoliver · web-flow · commit 6f5d49bbec29 · 2020-02-24T13:36:50.000-08:00
Updated documentation with lower privileged roles
diff --git a/articles/active-directory/users-groups-roles/roles-delegate-by-task.md b/articles/active-directory/users-groups-roles/roles-delegate-by-task.md
@@ -42,14 +42,14 @@ Task | Least privileged role | Additional roles
 Create Azure AD B2C directories | All non-guest users ([see documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/users-default-permissions)) | 
 Create B2C applications | Global Administrator | 
 Create enterprise applications | Cloud Application Administrator | Application Administrator
-Create, read, update, and delete B2C policies | Global Administrator | 
-Create, read, update, and delete identity providers | Global Administrator | 
-Create, read, update, and delete password reset user flows | Global Administrator | 
-Create, read, update, and delete profile editing user flows | Global Administrator | 
-Create, read, update, and delete sign-in user flows | Global Administrator | 
-Create, read, update, and delete sign-up user flow |Global Administrator | 
-Create, read, update, and delete user attributes | Global Administrator | 
-Create, read, update, and delete users | Global Administrator ([see documentation](https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-faqs))
+Create, read, update, and delete B2C policies | B2C IEF Policy Administrator | 
+Create, read, update, and delete identity providers | External Identity Provider Administrator | 
+Create, read, update, and delete password reset user flows | B2C User Flow Administrator | 
+Create, read, update, and delete profile editing user flows | B2C User Flow Administrator | 
+Create, read, update, and delete sign-in user flows | B2C User Flow Administrator | 
+Create, read, update, and delete sign-up user flow |B2C User Flow Administrator | 
+Create, read, update, and delete user attributes | B2C User Flow Attribute Administrator | 
+Create, read, update, and delete users | User Administrator
 Read all configuration | Global reader | 
 Read B2C audit logs | Global reader ([see documentation](https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-faqs)) | 
 
@@ -124,7 +124,7 @@ Task | Least privileged role | Additional roles
 ---- | --------------------- | ----------------
 Consent to any delegated permissions | Cloud application administrator | Application administrator
 Consent to application permissions not including Microsoft Graph | Cloud application administrator | Application administrator
-Consent to application permissions to Microsoft Graph | Global Administrator | 
+Consent to application permissions to Microsoft Graph | Privileged Role Administrator | 
 Consent to applications accessing own data | Default user role ([see documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/users-default-permissions)) | 
 Create enterprise application | Cloud application administrator | Application administrator
 Manage Application Proxy | Application administrator | 
@@ -153,7 +153,7 @@ Assign license | User administrator |
 Create group | User administrator | 
 Create, update, or delete access review of a group or of an app | User administrator | 
 Manage group expiration | User administrator | 
-Manage group settings | Global Administrator | 
+Manage group settings | Groups Administrator | User Administrator | 
 Read all configuration (except hidden membership) | Directory readers | Default user role ([see documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/users-default-permissions))
 Read hidden membership | Group member | Group owner, Password administrator, Exchange administrator, SharePoint administrator, Teams administrator, User administrator
 Read membership of groups with hidden membership | Helpdesk Administrator | User administrator, Teams administrator
@@ -231,7 +231,7 @@ Read server status | Global reader |
 
 Task | Least privileged role | Additional roles
 ---- | --------------------- | ----------------
-Manage identity providers | Global Administrator | 
+Manage identity providers | External Identity Provider Administrator | 
 Manage settings | Global Administrator | 
 Manage terms of use | Global Administrator | 
 Read all configuration | Global reader | 
@@ -327,11 +327,11 @@ Create user | User administrator |
 Delete users | User administrator | 
 Invalidate refresh tokens of limited admins (see documentation) | User administrator | 
 Invalidate refresh tokens of non-admins (see documentation) | Password administrator | User administrator
-Invalidate refresh tokens of privileged admins (see documentation) | Global Administrator | 
+Invalidate refresh tokens of privileged admins (see documentation) | Privileged Authentication Administrator | 
 Read basic configuration | Default User role ([see documentation](https://docs.microsoft.com/azure/active-directory/fundamentals/users-default-permissions) | 
 Reset password for limited admins (see documentation) | User administrator | 
 Reset password of non-admins (see documentation) | Password administrator | User administrator
-Reset password of privileged admins | Global Administrator | 
+Reset password of privileged admins | Privileged Authentication Administrator | 
 Revoke license | License administrator | User administrator
 Update all properties except User Principal Name | User administrator | 
 Update User Principal Name for limited admins (see documentation) | User administrator | 
