Skip to content

Commit 9fadbf1

Browse files
PRMerger20PRMerger20
authored
Merge pull request #93845 from psignoret/phsignor-approles-fix
Fix who can grant application permissions
2 parents 1f51740 + 79dd117 commit 9fadbf1

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/active-directory/develop/v1-permissions-and-consent.md

100644100755
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ Azure Active Directory (Azure AD) makes extensive use of permissions for both OA
3434
Azure AD defines two kinds of permissions:
3535

3636
* **Delegated permissions** - Are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to an API. Depending on the API, the user may not be able to consent to the API directly and would instead [require an administrator to provide "admin consent"](/azure/active-directory/develop/active-directory-devhowto-multi-tenant-overview).
37-
* **Application permissions** - Are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be [consented by an administrator](/azure/active-directory/develop/active-directory-v2-scopes#requesting-consent-for-an-entire-tenant) because they are typically powerful and allow access to data across user-boundaries, or data that would otherwise be restricted to administrators.
37+
* **Application permissions** - Are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be [consented to by administrators](/azure/active-directory/develop/active-directory-v2-scopes#requesting-consent-for-an-entire-tenant) because they are typically powerful and allow access to data across user-boundaries, or data that would otherwise be restricted to administrators. Users who are defined as owners of the resource application (i.e. the API which publishes the permissions) are also allowed to grant application permissions for the APIs they own.
3838

3939
Effective permissions are the permissions that your app will have when making requests to an API.
4040

0 commit comments

Comments
 (0)