Weekly Permissions sync 2025-01-09

marabooy · marabooy · commit 16f7083f239c · 2025-01-09T11:31:06.000+03:00
diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json
@@ -3547,7 +3547,7 @@
                 "id": "edc92e89-a987-48a9-911a-a7b1967dd7b1",
                 "scheme": "DelegatedWork",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "00000000-0000-0000-0000-000000000000"
             }
@@ -3634,14 +3634,6 @@
                 "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": ""
-            } ,
-            {
-                "id": "2d372e98-f1ae-406c-a157-2ea83f6f5e4a",
-                "scheme": "DelegatedWork",
-                "environment": "public",
-                "isHidden": true,
-                "isEnabled": true,
-                "resourceAppId": "00000000-0000-0000-0000-000000000000"
             }
         ],
         "DeviceLocalCredential.Read.All": [
@@ -4049,15 +4041,15 @@
                 "id": "0b1717ff-3e42-4a73-8c29-e6b2e1093960",
                 "scheme": "DelegatedWork",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "00000000-0000-0000-0000-000000000000"
             },
             {
                 "id": "abf6441f-0772-4932-96e7-0191478dd73a",
                 "scheme": "Application",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "00000000-0000-0000-0000-000000000000"
             }
@@ -4084,7 +4076,7 @@
                 "id": "dd9febb5-0c6d-419f-b256-3afe12c6adeb",
                 "scheme": "Application",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "00000000-0000-0000-0000-000000000000"
             }
diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
@@ -10182,6 +10182,34 @@
         "ownerSecurityGroup": "afsadmins"
       }
     },
+    "Device.CreateFromOwnedTemplate": {
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Create a device from a device template owned by the signed-in user.",
+          "adminDescription": "Allows the app to create a device from a device template owned by the signed-in user.",
+          "userDisplayName": "Create a device from a device template you own.",
+          "userDescription": "Allows the app to create a device from a device template you own.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork"
+          ],
+          "methods": [
+            "POST"
+          ],
+          "paths": {
+            "/directory/templates/deviceTemplates/{id}/createDeviceFromTemplate": "least=DelegatedWork"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "adrsmsgraph"
+      }
+    },
     "Device.Read": {
       "schemes": {
         "DelegatedWork": {
@@ -10324,6 +10352,126 @@
         "ownerSecurityGroup": "devicesapprovers"
       }
     },
+    "Device.ReadWrite.All": {
+      "schemes": {
+        "Application": {
+          "adminDisplayName": "Read and write devices",
+          "adminDescription": "Allows the app to read and write all device properties without a signed in user.  Does not allow device creation, device deletion or update of device alternative security identifiers.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "Application"
+          ],
+          "methods": [
+            "POST"
+          ],
+          "paths": {
+            "/contacts/{id}/checkmembergroups": "",
+            "/contacts/{id}/checkmemberobjects": "",
+            "/contacts/{id}/getmembergroups": "",
+            "/contacts/{id}/getmemberobjects": "",
+            "/devices/{id}/checkmembergroups": "",
+            "/devices/{id}/checkmemberobjects": "",
+            "/devices/{id}/getmembergroups": "",
+            "/devices/{id}/getmemberobjects": "",
+            "/directoryobjects/{id}/checkmembergroups": "",
+            "/directoryobjects/{id}/checkmemberobjects": "",
+            "/directoryobjects/{id}/getmembergroups": "",
+            "/directoryobjects/{id}/getmemberobjects": "",
+            "/groups/{id}/checkmembergroups": "",
+            "/groups/{id}/checkmemberobjects": "",
+            "/groups/{id}/getmembergroups": "",
+            "/groups/{id}/getmemberobjects": "",
+            "/me/checkmembergroups": "",
+            "/me/checkmemberobjects": "",
+            "/me/getmembergroups": "",
+            "/me/getmemberobjects": "",
+            "/serviceprincipals/{id}/checkmembergroups": "",
+            "/serviceprincipals/{id}/checkmemberobjects": "",
+            "/serviceprincipals/{id}/getmembergroups": "",
+            "/serviceprincipals/{id}/getmemberobjects": "",
+            "/users/{id}/checkmembergroups": "",
+            "/users/{id}/checkmemberobjects": "",
+            "/users/{id}/getmembergroups": "",
+            "/users/{id}/getmemberobjects": ""
+          }
+        },
+        {
+          "schemeKeys": [
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/devices": "",
+            "/devices(deviceid={value})/memberof": "",
+            "/devices(deviceid={value})/registeredowners": "",
+            "/devices(deviceid={value})/registeredusers": "",
+            "/devices(deviceid={value})/transitivememberof": "",
+            "/devices(deviceid={value})/usagerights": "",
+            "/devices/{id}/cloudLicensing/assignments/{id}/allotment": "",
+            "/devices/{id}/cloudLicensing/usageRights": "",
+            "/devices/{id}/cloudLicensing/usageRights/{id}": "",
+            "/devices/{id}/cloudLicensing/usageRights/{id}/assignments": "",
+            "/devices/{id}/cloudLicensing/waitingMembers": "",
+            "/devices/{id}/cloudLicensing/waitingMembers/{id}": "",
+            "/devices/{id}/cloudLicensing/waitingMembers/{id}/allotment": "",
+            "/devices/{id}/memberof": "",
+            "/devices/{id}/registeredowners": "",
+            "/devices/{id}/registeredusers": "",
+            "/devices/{id}/transitivememberof": "",
+            "/devices/{id}/usagerights": ""
+          }
+        },
+        {
+          "schemeKeys": [
+            "Application"
+          ],
+          "methods": [
+            "DELETE",
+            "GET",
+            "PATCH"
+          ],
+          "paths": {
+            "/devices(deviceid={value})": "least=Application",
+            "/devices/{id}": "least=Application",
+            "/devices/{id}/cloudLicensing/assignments/{id}": ""
+          }
+        },
+        {
+          "schemeKeys": [
+            "Application"
+          ],
+          "methods": [
+            "GET",
+            "POST"
+          ],
+          "paths": {
+            "/devices/{id}/cloudLicensing/assignments": ""
+          }
+        },
+        {
+          "schemeKeys": [
+            "Application"
+          ],
+          "methods": [
+            "PUT"
+          ],
+          "paths": {
+            "/devices/{id}/cloudLicensing/assignments/{id}/allotment/$ref": "",
+            "/devices/{id}/cloudLicensing/assignments/{id}/assignedTo/$ref": ""
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "IdentityReq"
+      }
+    },
     "DeviceLocalCredential.Read.All": {
       "schemes": {
         "DelegatedWork": {
@@ -15159,6 +15307,41 @@
         "ownerSecurityGroup": "GraphIntuneApprovers"
       }
     },
+    "DeviceTemplate.Create": {
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Create device templates.",
+          "adminDescription": "Allows the app to create device templates.",
+          "userDisplayName": "Create device templates.",
+          "userDescription": "Allows the app to create device templates on your behalf.",
+          "requiresAdminConsent": false,
+          "privilegeLevel": 3
+        },
+        "Application": {
+          "adminDisplayName": "Create device templates.",
+          "adminDescription": "Allows the app to create device templates, without a signed-in user.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "POST"
+          ],
+          "paths": {
+            "/directory/templates/deviceTemplates": "least=DelegatedWork,Application"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "adrsmsgraph"
+      }
+    },
     "DeviceTemplate.Read": {
       "schemes": {
         "DelegatedWork": {
@@ -15189,6 +15372,44 @@
         "ownerSecurityGroup": "adrsmsgraph"
       }
     },
+    "DeviceTemplate.Read.All": {
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read all device templates, their owners, and devices created from those device templates.",
+          "adminDescription": "Allows the app to read device templates, their owners, and devices created from those device templates on behalf of the signed-in user.",
+          "userDisplayName": "Read all device templates, their owners, and devices created from those device templates.",
+          "userDescription": "Allows the app to read device templates, their owners, and devices created from those device templates, on your behalf.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 2
+        },
+        "Application": {
+          "adminDisplayName": "Read all device templates, their owners, and devices created from those device templates.",
+          "adminDescription": "Allows the app to read device templates, their owners, and devices created from those device templates, without a signed-in user.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/directory/templates/deviceTemplates": "least=DelegatedWork,Application",
+            "/directory/templates/deviceTemplates/{id}": "least=Application",
+            "/directory/templates/deviceTemplates/{id}/deviceinstances": "least=Application",
+            "/directory/templates/deviceTemplates/{id}/owners": "least=Application"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "adrsmsgraph"
+      }
+    },
     "DeviceTemplate.ReadWrite.All": {
       "schemes": {
         "DelegatedWork": {
