
Commit fd851ba

authored
Weekly Permissions sync 2025-10-10 (#1303)
1 parent 057950c commit fd851ba


2 files changed

+131
-28
lines changed


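--- a/permissions/new/permissions.json
+++ b/permissions/new/permissions.json
@@ -16681,7 +16681,6 @@
 "/users/{id}/directreports": "",
 "/users/{id}/joinedteams": "",
 "/users/{id}/licensedetails": "",
-"/users/{id}/licenseDetails/getTeamsLicensingDetails": "",
 "/users/{id}/manager": "",
 "/users/{id}/memberof": "least=Application",
 "/users/{id}/oauth2permissiongrants": "least=DelegatedWork,Application",
@@ -16730,7 +16729,8 @@
 "/me/registereddevices": "",
 "/me/scopedrolememberof": "least=DelegatedWork",
 "/me/transitivememberof": "",
-"/privilegedroleassignmentrequests": "least=DelegatedWork"
+"/privilegedroleassignmentrequests": "least=DelegatedWork",
+"/users/{id}/licenseDetails/getTeamsLicensingDetails": ""
 }
 },
 {
@@ -16966,7 +16966,6 @@
 "/users/{id}/directreports": "",
 "/users/{id}/joinedteams": "",
 "/users/{id}/licensedetails": "",
-"/users/{id}/licenseDetails/getTeamsLicensingDetails": "",
 "/users/{id}/memberof": "",
 "/users/{id}/owneddevices": "",
 "/users/{id}/ownedobjects": "",
@@ -17108,7 +17107,8 @@
 "/onpremisespublishingprofiles/applicationproxy/connectorgroups/{id}/applications": "least=DelegatedWork",
 "/onpremisespublishingprofiles/applicationproxy/connectors": "least=DelegatedWork",
 "/onpremisespublishingprofiles/applicationproxy/connectors/{id}": "least=DelegatedWork",
-"/serviceprincipals": ""
+"/serviceprincipals": "",
+"/users/{id}/licenseDetails/getTeamsLicensingDetails": ""
 }
 },
 {
@@ -37378,6 +37378,14 @@
 "PrivilegedAccess.Read.AzureADGroup": {
 "authorizationType": "oAuth2",
 "schemes": {
+"DelegatedWork": {
+"adminDisplayName": "Read privileged access to Azure AD groups",
+"adminDescription": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
+"userDisplayName": "Read privileged access to Azure AD groups",
+"userDescription": "Allows the app to read time-based assignment and just in time elevation (including scheduled elevation) of Azure AD groups in your organization, on your behalf.",
+"requiresAdminConsent": true,
+"privilegeLevel": 4
+},
 "Application": {
 "adminDisplayName": "Read privileged access to Azure AD groups",
 "adminDescription": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
@@ -37397,6 +37405,19 @@
 "/privilegedaccess/azureresources/resources/{id}/roleassignmentrequests": "",
 "/privilegedaccess/azureresources/roleassignmentrequests": ""
 }
+},
+{
+"schemeKeys": [
+"DelegatedWork",
+"Application"
+],
+"methods": [
+"GET"
+],
+"paths": {
+"/identityGovernance/privilegedAccess/group/resources": "least=DelegatedWork,Application",
+"/identityGovernance/privilegedAccess/group/resources/{id}": "least=DelegatedWork,Application"
+}
 }
 ],
 "ownerInfo": {
@@ -37520,6 +37541,12 @@
 "userDescription": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on your behalf.",
 "requiresAdminConsent": true,
 "privilegeLevel": 4
+},
+"Application": {
+"adminDisplayName": "Read and write privileged access to Azure AD groups",
+"adminDescription": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user.",
+"requiresAdminConsent": true,
+"privilegeLevel": 4
 }
 },
 "pathSets": [
@@ -37545,6 +37572,19 @@
 "paths": {
 "/privilegedaccess/azureresources/roleassignmentrequests/{id}/cancel": ""
 }
+},
+{
+"schemeKeys": [
+"DelegatedWork",
+"Application"
+],
+"methods": [
+"GET"
+],
+"paths": {
+"/identityGovernance/privilegedAccess/group/resources": "",
+"/identityGovernance/privilegedAccess/group/resources/{id}": ""
+}
 }
 ],
 "ownerInfo": {
@@ -51886,7 +51926,6 @@
 ],
 "paths": {
 "/users/{id}/deleteddatetime": "least=Application",
-"/users/{id}/licenseDetails/getTeamsLicensingDetails": "least=Application",
 "/users/{id}/memberof/{id}": "least=Application",
 "/users/{id}/outlook/supportedlanguages": "least=Application",
 "/users/{id}/outlook/supportedtimezones": "least=Application",
@@ -54205,6 +54244,76 @@
 "ownerSecurityGroup": "afsdev"
 }
 },
+"VerifiedId-Profile.Read.All": {
+"authorizationType": "oAuth2",
+"schemes": {
+"DelegatedWork": {
+"adminDisplayName": "Read Verified Id profiles",
+"adminDescription": "This role can read Verified Id profiles in a tenant.",
+"userDisplayName": "Read Verified Id profiles",
+"userDescription": "This role can read Verified Id profiles in a tenant.",
+"requiresAdminConsent": true,
+"privilegeLevel": 3
+},
+"Application": {
+"adminDisplayName": "Read Verified Id profiles",
+"adminDescription": "This role can read Verified Id profiles in a tenant.",
+"requiresAdminConsent": true,
+"privilegeLevel": 4
+}
+},
+"pathSets": [
+{
+"schemeKeys": [
+"DelegatedWork",
+"Application"
+],
+"methods": [
+"GET"
+],
+"paths": {
+"/identity/verifiedId/profiles": "least=DelegatedWork,Application",
+"/identity/verifiedId/profiles/{id}": "least=DelegatedWork,Application"
+}
+}
+],
+"ownerInfo": {
+"ownerSecurityGroup": "cred_recovery"
+}
+},
+"VerifiedId-Profile.ReadWrite.All": {
+"authorizationType": "oAuth2",
+"schemes": {
+"DelegatedWork": {
+"adminDisplayName": "Read and write Verified Id profiles",
+"adminDescription": "This role can read and write Verified Id profiles in a tenant.",
+"userDisplayName": "Read and write Verified Id profiles",
+"userDescription": "This role can read and write Verified Id profiles in a tenant.",
+"requiresAdminConsent": true,
+"privilegeLevel": 4
+}
+},
+"pathSets": [
+{
+"schemeKeys": [
+"DelegatedWork"
+],
+"methods": [
+"DELETE",
+"GET",
+"PATCH",
+"POST"
+],
+"paths": {
+"/identity/verifiedId/profiles": "least=DelegatedWork",
+"/identity/verifiedId/profiles/{id}": "least=DelegatedWork"
+}
+}
+],
+"ownerInfo": {
+"ownerSecurityGroup": "cred_recovery"
+}
+},
 "VirtualAppointment.Read": {
 "authorizationType": "oAuth2",
 "schemes": {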

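--- a/permissions/new/provisioningInfo.json
+++ b/permissions/new/provisioningInfo.json
@@ -300,14 +300,6 @@
 "isHidden": true,
 "isEnabled": true,
 "resourceAppId": "00000003-0000-0000-c000-000000000000"
-},
-{
-"id": "6ce0ade1-3a9a-40ba-ae13-11bf6279a04d",
-"scheme": "DelegatedWork",
-"environment": "PPE;public",
-"isHidden": true,
-"isEnabled": true,
-"resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
 "AgentIdentityBlueprint.Read.All": [
@@ -436,6 +428,16 @@
 "resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
+"AgentIdentityBlueprintPrincipal.CreateAsManager": [
+{
+"id": "c50c596a-6889-4460-acb1-3ed7c5fc142a",
+"scheme": "Application",
+"environment": "PPE;public",
+"isHidden": true,
+"isEnabled": false,
+"resourceAppId": "00000003-0000-0000-c000-000000000000"
+}
+],
 "AgentIdentityBlueprintPrincipal.Read.All": [
 {
 "id": "",
@@ -12799,14 +12801,6 @@
 "isHidden": true,
 "isEnabled": true,
 "resourceAppId": "00000003-0000-0000-c000-00000000000"
-},
-{
-"id": "98f23116-27b1-42b4-814b-d258698a00b6",
-"scheme": "DelegatedWork",
-"environment": "PPE;public",
-"isHidden": true,
-"isEnabled": true,
-"resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
 "AgentIdentity.Read.All": [
@@ -12988,15 +12982,15 @@
 "environment": "public",
 "isHidden": false,
 "isEnabled": true,
-"resourceAppId": "00000003-0000-0000-c000-00000000000"
+"resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
 },
 {
 "id": "f5fa52a5-b9ab-4dc3-885e-9e5b4a67068e",
 "scheme": "Application",
 "environment": "public",
 "isHidden": false,
 "isEnabled": true,
-"resourceAppId": "00000003-0000-0000-c000-00000000000"
+"resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
 }
 ],
 "SharePointCrossTenantMigration.Manage.All": [
@@ -13006,15 +13000,15 @@
 "environment": "public",
 "isHidden": false,
 "isEnabled": true,
-"resourceAppId": "00000003-0000-0000-c000-00000000000"
+"resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
 },
 {
 "id": "a0521574-fcd8-4742-b29c-f796df57ea70",
 "scheme": "Application",
 "environment": "public",
 "isHidden": false,
 "isEnabled": true,
-"resourceAppId": "00000003-0000-0000-c000-00000000000"
+"resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
 }
 ],
 "SharePointTenantSettings.Read.All": [
@@ -17174,15 +17168,15 @@
 "id": "604b2056-41ed-4c56-aad5-1241d4ef7333",
 "scheme": "DelegatedWork",
 "environment": "public",
-"isHidden": true,
+"isHidden": false,
 "isEnabled": true,
 "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
 },
 {
 "id": "e227c591-dd64-4a8a-a033-816167f7c938",
 "scheme": "Application",
 "environment": "public",
-"isHidden": true,
+"isHidden": false,
 "isEnabled": true,
 "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
 }
@@ -17192,7 +17186,7 @@
 "id": "e4a9cb5e-4767-48f8-9029-decf26a54456",
 "scheme": "DelegatedWork",
 "environment": "public",
-"isHidden": true,
+"isHidden": false,
 "isEnabled": true,
 "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
 }
@@ -12799,14 +12801,6 @@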
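Review bot: The entry kept as context at new line 12803 (hunk at -12799) still has `"resourceAppId": "00000003-0000-0000-c000-00000000000"`, whose last group is 11 digits rather than 12, so it is not a well-formed GUID. The hunks at -12988 and -13006 correct the same truncated value to `00000003-0000-0ff1-ce00-000000000000`, but this occurrence is left as is while its well-formed sibling is deleted. Which resource this entry should name cannot be told from the hunk, since the enclosing permission key lies outside it, so the owner should confirm the intended value. An entry with a malformed resource id may fail to provision or be silently skipped. A GUID-format check on `id` and `resourceAppId` in the sync job would also catch the empty `"id": ""` visible as context at new line 443.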
