Skip to content

Commit cd50cce

Browse files
rolyonrolyon
committed
Update roles and permissions
1 parent 151083b commit cd50cce

File tree

1 file changed

+47
-1
lines changed

1 file changed

+47
-1
lines changed

articles/active-directory/roles/permissions-reference.md

Lines changed: 47 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
99
ms.workload: identity
1010
ms.subservice: roles
1111
ms.topic: reference
12-
ms.date: 08/29/2023
12+
ms.date: 10/03/2023
1313
ms.author: rolyon
1414
ms.reviewer: abhijeetsinha
1515
ms.custom: generated, it-pro, fasttrack-edit
@@ -1006,6 +1006,16 @@ This is a [privileged role](privileged-roles-permissions.md). Users with this ro
10061006
> | microsoft.directory/deletedItems/delete | Permanently delete objects, which can no longer be restored |
10071007
> | microsoft.directory/deletedItems/restore | Restore soft deleted objects to original state |
10081008
> | microsoft.directory/devices/allProperties/allTasks | Create and delete devices, and read and update all properties |
1009+
> | microsoft.directory/multiTenantOrganization/basic/update | Update basic properties of a multi-tenant organization |
1010+
> | microsoft.directory/multiTenantOrganization/create | Create a multi-tenant organization |
1011+
> | microsoft.directory/multiTenantOrganization/joinRequest/organizationDetails/update | Join a multi-tenant organization |
1012+
> | microsoft.directory/multiTenantOrganization/joinRequest/standard/read | Read properties of a multi-tenant organization join request |
1013+
> | microsoft.directory/multiTenantOrganization/standard/read | Read basic properties of a multi-tenant organization |
1014+
> | microsoft.directory/multiTenantOrganization/tenants/organizationDetails/update | Update basic properties of a tenant participating in a multi-tenant organization |
1015+
> | microsoft.directory/multiTenantOrganization/tenants/create | Create a tenant in a multi-tenant organization |
1016+
> | microsoft.directory/multiTenantOrganization/tenants/delete | Delete a tenant participating in a multi-tenant organization |
1017+
> | microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read | Read organization details of a tenant participating in a multi-tenant organization |
1018+
> | microsoft.directory/multiTenantOrganization/tenants/standard/read | Read basic properties of a tenant participating in a multi-tenant organization |
10091019
> | microsoft.directory/namedLocations/create | Create custom rules that define network locations |
10101020
> | microsoft.directory/namedLocations/delete | Delete custom rules that define network locations |
10111021
> | microsoft.directory/namedLocations/standard/read | Read basic properties of custom rules that define network locations |
@@ -1049,6 +1059,12 @@ This is a [privileged role](privileged-roles-permissions.md). Users with this ro
10491059
> | microsoft.directory/crossTenantAccessPolicy/partners/create | Create cross-tenant access policy for partners |
10501060
> | microsoft.directory/crossTenantAccessPolicy/partners/delete | Delete cross-tenant access policy for partners |
10511061
> | microsoft.directory/crossTenantAccessPolicy/partners/standard/read | Read basic properties of cross-tenant access policy for partners |
1062+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/basic/update | Update cross tenant sync policy templates for multi-tenant organization |
1063+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/resetToDefaultSettings | Reset cross tenant sync policy template for multi-tenant organization to default settings |
1064+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read | Read basic properties of cross tenant sync policy templates for multi-tenant organization |
1065+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/basic/update | Update cross tenant access policy templates for multi-tenant organization |
1066+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/resetToDefaultSettings | Reset cross tenant access policy template for multi-tenant organization to default settings |
1067+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read | Read basic properties of cross tenant access policy templates for multi-tenant organization |
10521068
> | microsoft.directory/crossTenantAccessPolicy/partners/b2bCollaboration/update | Update Microsoft Entra B2B collaboration settings of cross-tenant access policy for partners |
10531069
> | microsoft.directory/crossTenantAccessPolicy/partners/b2bDirectConnect/update | Update Microsoft Entra B2B direct connect settings of cross-tenant access policy for partners |
10541070
> | microsoft.directory/crossTenantAccessPolicy/partners/crossCloudMeetings/update | Update cross-cloud Teams meeting settings of cross-tenant access policy for partners |
@@ -1072,6 +1088,7 @@ This is a [privileged role](privileged-roles-permissions.md). Users with this ro
10721088
> | microsoft.directory/signInReports/allProperties/read | Read all properties on sign-in reports, including privileged properties |
10731089
> | microsoft.directory/subscribedSkus/allProperties/allTasks | Buy and manage subscriptions and delete subscriptions |
10741090
> | microsoft.directory/users/allProperties/allTasks | Create and delete users, and read and update all properties<br/>[![Privileged label icon.](./media/permissions-reference/privileged-label.png)](privileged-roles-permissions.md) |
1091+
> | microsoft.directory/users/convertExternalToInternalMemberUser | Convert external user to internal user |
10751092
> | microsoft.directory/permissionGrantPolicies/create | Create permission grant policies |
10761093
> | microsoft.directory/permissionGrantPolicies/delete | Delete permission grant policies |
10771094
> | microsoft.directory/permissionGrantPolicies/standard/read | Read standard properties of permission grant policies |
@@ -1213,9 +1230,15 @@ Users with this role **cannot** do the following:
12131230
> | microsoft.directory/crossTenantAccessPolicy/standard/read | Read basic properties of cross-tenant access policy |
12141231
> | microsoft.directory/crossTenantAccessPolicy/default/standard/read | Read basic properties of the default cross-tenant access policy |
12151232
> | microsoft.directory/crossTenantAccessPolicy/partners/standard/read | Read basic properties of cross-tenant access policy for partners |
1233+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read | Read basic properties of cross tenant sync policy templates for multi-tenant organization |
1234+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read | Read basic properties of cross tenant access policy templates for multi-tenant organization |
12161235
> | microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read | Read basic properties of cross-tenant sync policy |
12171236
> | microsoft.directory/deviceManagementPolicies/standard/read | Read standard properties on device management application policies |
12181237
> | microsoft.directory/deviceRegistrationPolicy/standard/read | Read standard properties on device registration policies |
1238+
> | microsoft.directory/multiTenantOrganization/joinRequest/standard/read | Read properties of a multi-tenant organization join request |
1239+
> | microsoft.directory/multiTenantOrganization/standard/read | Read basic properties of a multi-tenant organization |
1240+
> | microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read | Read organization details of a tenant participating in a multi-tenant organization |
1241+
> | microsoft.directory/multiTenantOrganization/tenants/standard/read | Read basic properties of a tenant participating in a multi-tenant organization |
12191242
> | microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in Privileged Identity Management |
12201243
> | microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs |
12211244
> | microsoft.directory/roleAssignments/allProperties/read | Read all properties of role assignments |
@@ -2120,6 +2143,12 @@ Azure Advanced Threat Protection | Monitor and respond to suspicious security ac
21202143
> | microsoft.directory/crossTenantAccessPolicy/partners/create | Create cross-tenant access policy for partners |
21212144
> | microsoft.directory/crossTenantAccessPolicy/partners/delete | Delete cross-tenant access policy for partners |
21222145
> | microsoft.directory/crossTenantAccessPolicy/partners/standard/read | Read basic properties of cross-tenant access policy for partners |
2146+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/basic/update | Update cross tenant sync policy templates for multi-tenant organization |
2147+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/resetToDefaultSettings | Reset cross tenant sync policy template for multi-tenant organization to default settings |
2148+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read | Read basic properties of cross tenant sync policy templates for multi-tenant organization |
2149+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/basic/update | Update cross tenant access policy templates for multi-tenant organization |
2150+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/resetToDefaultSettings | Reset cross tenant access policy template for multi-tenant organization to default settings |
2151+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read | Read basic properties of cross tenant access policy templates for multi-tenant organization |
21232152
> | microsoft.directory/crossTenantAccessPolicy/partners/b2bCollaboration/update | Update Microsoft Entra B2B collaboration settings of cross-tenant access policy for partners |
21242153
> | microsoft.directory/crossTenantAccessPolicy/partners/b2bDirectConnect/update | Update Microsoft Entra B2B direct connect settings of cross-tenant access policy for partners |
21252154
> | microsoft.directory/crossTenantAccessPolicy/partners/crossCloudMeetings/update | Update cross-cloud Teams meeting settings of cross-tenant access policy for partners |
@@ -2136,6 +2165,16 @@ Azure Advanced Threat Protection | Monitor and respond to suspicious security ac
21362165
> | microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Microsoft Entra entitlement management |
21372166
> | microsoft.directory/identityProtection/allProperties/read | Read all resources in Microsoft Entra ID Protection |
21382167
> | microsoft.directory/identityProtection/allProperties/update | Update all resources in Microsoft Entra ID Protection<br/>[![Privileged label icon.](./media/permissions-reference/privileged-label.png)](privileged-roles-permissions.md) |
2168+
> | microsoft.directory/multiTenantOrganization/basic/update | Update basic properties of a multi-tenant organization |
2169+
> | microsoft.directory/multiTenantOrganization/create | Create a multi-tenant organization |
2170+
> | microsoft.directory/multiTenantOrganization/joinRequest/organizationDetails/update | Join a multi-tenant organization |
2171+
> | microsoft.directory/multiTenantOrganization/joinRequest/standard/read | Read properties of a multi-tenant organization join request |
2172+
> | microsoft.directory/multiTenantOrganization/standard/read | Read basic properties of a multi-tenant organization |
2173+
> | microsoft.directory/multiTenantOrganization/tenants/organizationDetails/update | Update basic properties of a tenant participating in a multi-tenant organization |
2174+
> | microsoft.directory/multiTenantOrganization/tenants/create | Create a tenant in a multi-tenant organization |
2175+
> | microsoft.directory/multiTenantOrganization/tenants/delete | Delete a tenant participating in a multi-tenant organization |
2176+
> | microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read | Read organization details of a tenant participating in a multi-tenant organization |
2177+
> | microsoft.directory/multiTenantOrganization/tenants/standard/read | Read basic properties of a tenant participating in a multi-tenant organization |
21392178
> | microsoft.directory/namedLocations/create | Create custom rules that define network locations |
21402179
> | microsoft.directory/namedLocations/delete | Delete custom rules that define network locations |
21412180
> | microsoft.directory/namedLocations/standard/read | Read basic properties of custom rules that define network locations |
@@ -2239,6 +2278,12 @@ In | Can do
22392278
> | microsoft.directory/conditionalAccessPolicies/standard/read | Read conditional access for policies |
22402279
> | microsoft.directory/conditionalAccessPolicies/owners/read | Read the owners of conditional access policies |
22412280
> | microsoft.directory/conditionalAccessPolicies/policyAppliedTo/read | Read the "applied to" property for conditional access policies |
2281+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read | Read basic properties of cross tenant sync policy templates for multi-tenant organization |
2282+
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read | Read basic properties of cross tenant access policy templates for multi-tenant organization |
2283+
> | microsoft.directory/multiTenantOrganization/joinRequest/standard/read | Read properties of a multi-tenant organization join request |
2284+
> | microsoft.directory/multiTenantOrganization/standard/read | Read basic properties of a multi-tenant organization |
2285+
> | microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read | Read organization details of a tenant participating in a multi-tenant organization |
2286+
> | microsoft.directory/multiTenantOrganization/tenants/standard/read | Read basic properties of a tenant participating in a multi-tenant organization |
22422287
> | microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in Privileged Identity Management |
22432288
> | microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs |
22442289
> | microsoft.directory/signInReports/allProperties/read | Read all properties on sign-in reports, including privileged properties |
@@ -2516,6 +2561,7 @@ Users with this role **cannot** do the following:
25162561
> | microsoft.directory/servicePrincipals/appRoleAssignedTo/update | Update service principal role assignments |
25172562
> | microsoft.directory/users/assignLicense | Manage user licenses |
25182563
> | microsoft.directory/users/create | Add users<br/>[![Privileged label icon.](./media/permissions-reference/privileged-label.png)](privileged-roles-permissions.md) |
2564+
> | microsoft.directory/users/convertExternalToInternalMemberUser | Convert external user to internal user |
25192565
> | microsoft.directory/users/delete | Delete users<br/>[![Privileged label icon.](./media/permissions-reference/privileged-label.png)](privileged-roles-permissions.md) |
25202566
> | microsoft.directory/users/disable | Disable users<br/>[![Privileged label icon.](./media/permissions-reference/privileged-label.png)](privileged-roles-permissions.md) |
25212567
> | microsoft.directory/users/enable | Enable users<br/>[![Privileged label icon.](./media/permissions-reference/privileged-label.png)](privileged-roles-permissions.md) |

0 commit comments

Comments
 (0)