From 36d4404ee404ae6c742214a74fef0fc136349ff3 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Wed, 20 May 2026 03:43:21 +0300 Subject: [PATCH] Weekly Permissions sync 2026-05-20 --- permissions/new/permissions.json | 202 +++++++++++++++++++++++++- permissions/new/provisioningInfo.json | 98 +++++++++++-- 2 files changed, 285 insertions(+), 15 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index cb445358..f66d7da1 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -4071,23 +4071,23 @@ "schemes": { "DelegatedWork": { "adminDisplayName": "Read and write all applications", - "adminDescription": "Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants.", + "adminDescription": "Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Allows management of app role assignments, except those exposed by Microsoft Graph. Does not allow management of delegated permission grants.", "userDisplayName": "Read and write applications", - "userDescription": "Allows the app to create, read, update and delete applications and service principals on your behalf. Does not allow management of consent grants.", + "userDescription": "Allows the app to create, read, update and delete applications and service principals on your behalf. Allows management of app role assignments, except those exposed by Microsoft Graph. Does not allow management of delegated permission grants.", "requiresAdminConsent": true, "privilegeLevel": 4 }, "DelegatedPersonal": { "adminDisplayName": "Read and write all applications", - "adminDescription": "Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants.", + "adminDescription": "Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Allows management of app role assignments, except those exposed by Microsoft Graph. Does not allow management of delegated permission grants.", "userDisplayName": "Read and write applications", - "userDescription": "Allows the app to create, read, update and delete applications and service principals on your behalf. Does not allow management of consent grants.", + "userDescription": "Allows the app to create, read, update and delete applications and service principals on your behalf. Allows management of app role assignments, except those exposed by Microsoft Graph. Does not allow management of delegated permission grants.", "requiresAdminConsent": true, "privilegeLevel": 4 }, "Application": { "adminDisplayName": "Read and write all applications", - "adminDescription": "Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants.", + "adminDescription": "Allows the app to create, read, update and delete applications and service principals without a signed-in user. Allows management of app role assignments, except those exposed by Microsoft Graph. Does not allow management of delegated permission grants.", "requiresAdminConsent": true, "privilegeLevel": 4 } @@ -4471,6 +4471,36 @@ "paths": { "/serviceTreeAttributionServices": "least=DelegatedWork" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/serviceprincipals(appid={value})/approleassignedto": "", + "/serviceprincipals(appid={value})/approleassignments": "", + "/serviceprincipals/{id}/approleassignedto": "", + "/serviceprincipals/{id}/approleassignments": "" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/serviceprincipals(appid={value})/approleassignedto/{id}": "", + "/serviceprincipals(appid={value})/approleassignments/{id}": "", + "/serviceprincipals/{id}/approleassignedto/{id}": "", + "/serviceprincipals/{id}/approleassignments/{id}": "" + } } ], "ownerInfo": { @@ -24706,6 +24736,7 @@ "paths": { "/drives/{id}/items/{id}/follow": "least=DelegatedWork", "/drives/{id}/items/{id}/preview": "least=DelegatedWork", + "/drives/{id}/querycortexitemsnippetsinbatch": "least=DelegatedWork", "/groups/{id}/drive/items/{id}/follow": "least=DelegatedWork", "/groups/{id}/drive/items/{id}/preview": "least=DelegatedWork", "/me/drive/items/{id}/follow": "least=DelegatedWork", @@ -25054,6 +25085,7 @@ "/drives/{id}/items/{id}/extractsensitivitylabels": "least=DelegatedWork,Application", "/drives/{id}/items/{id}/follow": "least=Application", "/drives/{id}/items/{id}/preview": "least=Application", + "/drives/{id}/querycortexitemsnippetsinbatch": "least=Application", "/drives/{id}/root:/{id}/extractsensitivitylabels": "", "/groups/{id}/drive/items/{id}/extractsensitivitylabels": "least=DelegatedWork,Application", "/groups/{id}/drive/items/{id}/follow": "least=Application", @@ -25208,6 +25240,17 @@ } }, "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "POST" + ], + "paths": { + "/drives/{id}/querycortexitemsnippetsinbatch": "" + } + }, { "schemeKeys": [ "DelegatedPersonal" @@ -27116,6 +27159,7 @@ "/drives/{id}/items/{id}/follow": "", "/drives/{id}/items/{id}/permissions/{id}/revokegrants": "least=Application", "/drives/{id}/items/{id}/preview": "", + "/drives/{id}/querycortexitemsnippetsinbatch": "", "/drives/{id}/root:/{id}/assignsensitivitylabel": "least=DelegatedWork,Application", "/drives/{id}/root:/{id}/extractsensitivitylabels": "least=DelegatedWork,Application", "/groups/{id}/drive/items/{id}/assignsensitivitylabel": "least=DelegatedWork,Application", @@ -29619,6 +29663,152 @@ "ownerSecurityGroup": "ihxhealth" } }, + "IdentityNotifications.Read.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read identity notification settings and templates", + "adminDescription": "Allows the app to read identity notification settings, email templates, and prerequisites on behalf of the signed-in user.", + "userDisplayName": "Read identity notification settings and templates", + "userDescription": "Allows the app to read identity notification settings and email templates that you have access to.", + "requiresAdminConsent": true, + "privilegeLevel": 3 + }, + "Application": { + "adminDisplayName": "Read all identity notification settings and templates", + "adminDescription": "Allows the app to read identity notification settings, email templates, and prerequisites without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/admin/identityAdminNotifications": "least=DelegatedWork,Application", + "/admin/identityAdminNotifications/emailTemplates": "least=DelegatedWork,Application", + "/admin/identityAdminNotifications/emailTemplates/{id}": "least=DelegatedWork,Application", + "/admin/identityAdminNotifications/emailTemplates/{id}/localizations": "least=DelegatedWork,Application", + "/admin/identityAdminNotifications/emailTemplates/{id}/localizations/{id}": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/admin/identityAdminNotifications/emailTemplates/{id}/preview": "least=DelegatedWork,Application", + "/admin/identityAdminNotifications/getPrerequisites": "least=DelegatedWork,Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "iganotificationdev" + } + }, + "IdentityNotifications.ReadWrite.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read and write identity notification settings and templates", + "adminDescription": "Allows the app to read and write identity notification settings, customize email templates, and send test emails on behalf of the signed-in user.", + "userDisplayName": "Read and write identity notification settings and templates", + "userDescription": "Allows the app to read and write identity notification settings and customize email templates that you have access to.", + "requiresAdminConsent": true, + "privilegeLevel": 3 + }, + "Application": { + "adminDisplayName": "Read and write all identity notification settings and templates", + "adminDescription": "Allows the app to read and write identity notification settings, customize email templates, and send test emails without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/admin/identityAdminNotifications": "", + "/admin/identityAdminNotifications/emailTemplates": "", + "/admin/identityAdminNotifications/emailTemplates/{id}": "", + "/admin/identityAdminNotifications/emailTemplates/{id}/localizations": "", + "/admin/identityAdminNotifications/emailTemplates/{id}/localizations/{id}": "" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/admin/identityAdminNotifications": "least=DelegatedWork,Application", + "/admin/identityAdminNotifications/emailTemplates/{id}": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "PUT" + ], + "paths": { + "/admin/identityAdminNotifications/emailTemplates/{id}/localizations/{id}": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/admin/identityAdminNotifications/emailTemplates/{id}/localizations/{id}": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/admin/identityAdminNotifications/emailTemplates/{id}/preview": "", + "/admin/identityAdminNotifications/emailTemplates/{id}/resetToDefault": "least=DelegatedWork,Application", + "/admin/identityAdminNotifications/emailTemplates/{id}/sendTest": "least=DelegatedWork,Application", + "/admin/identityAdminNotifications/getPrerequisites": "", + "/admin/identityAdminNotifications/sendTestEmail": "least=DelegatedWork,Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "iganotificationdev" + } + }, "IdentityProvider.Read.All": { "authorizationType": "oAuth2", "schemes": { @@ -48206,6 +48396,7 @@ "/drives/{id}/items/{id}/extractsensitivitylabels": "", "/drives/{id}/items/{id}/follow": "", "/drives/{id}/items/{id}/preview": "", + "/drives/{id}/querycortexitemsnippetsinbatch": "", "/drives/{id}/root:/{id}/extractsensitivitylabels": "", "/groups/{id}/drive/items/{id}/extractsensitivitylabels": "", "/groups/{id}/drive/items/{id}/follow": "", @@ -48629,6 +48820,7 @@ "/drives/{id}/items/{id}/versions/{id}/restoreversion": "", "/drives/{id}/items/{id}/versions/{id}/streams/{id}": "", "/drives/{id}/items/{id}/versions/{id}/streams/{id}/appendContent": "", + "/drives/{id}/querycortexitemsnippetsinbatch": "", "/drives/{id}/root:/{id}/assignsensitivitylabel": "", "/drives/{id}/root:/{id}/extractsensitivitylabels": "", "/groups/{id}/drive/items/{id}/assignsensitivitylabel": "", diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index 5d71ee6a..67f8dd27 100644 --- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -7626,33 +7626,37 @@ ], "IdentityNotifications.Read.All": [ { + "id": "59cd3e28-aa9c-4f72-a734-1b592eb06853", "scheme": "DelegatedWork", "environment": "PPE;public", - "isHidden": true, - "isEnabled": false, + "isHidden": false, + "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, { + "id": "52ced3dd-dbb6-41a0-9ce5-61a056be97b8", "scheme": "Application", "environment": "PPE;public", - "isHidden": true, - "isEnabled": false, + "isHidden": false, + "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], "IdentityNotifications.ReadWrite.All": [ { + "id": "c9c9fdea-4ecc-4d82-a2ea-3feff3489275", "scheme": "DelegatedWork", "environment": "PPE;public", - "isHidden": true, - "isEnabled": false, + "isHidden": false, + "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, { + "id": "d9fe7b9f-cb27-4289-9cb4-54debd9d3c25", "scheme": "Application", "environment": "PPE;public", - "isHidden": true, - "isEnabled": false, + "isHidden": false, + "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], @@ -7764,6 +7768,52 @@ "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978" } ], + "IdentityVerification.Read": [ + { + "id": "", + "scheme": "DelegatedWork", + "environment": "", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6" + } + ], + "IdentityVerification.Read.All": [ + { + "id": "", + "scheme": "DelegatedWork", + "environment": "", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6" + }, + { + "id": "", + "scheme": "Application", + "environment": "", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6" + } + ], + "IdentityVerification.ReadWrite.All": [ + { + "id": "", + "scheme": "DelegatedWork", + "environment": "", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6" + }, + { + "id": "", + "scheme": "Application", + "environment": "", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6" + } + ], "IdentityRiskEvent.Read.All": [ { "id": "8f6a01e7-0391-4ee5-aa22-a3af122cef27", @@ -8560,6 +8610,24 @@ "resourceAppId": "" } ], + "MS-BrandingMigration.ReadWrite.All": [ + { + "id": "", + "scheme": "Application", + "environment": "", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + }, + { + "id": "", + "scheme": "DelegatedWork", + "environment": "", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } + ], "MS-NotificationDeliveryStatus.Read": [ { "id": "27be99ba-126e-4761-b2f5-c57f031ed705", @@ -15003,7 +15071,7 @@ "scheme": "DelegatedWork", "environment": "", "isHidden": true, - "isEnabled": true, + "isEnabled": false, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, { @@ -15011,7 +15079,7 @@ "scheme": "Application", "environment": "", "isHidden": true, - "isEnabled": true, + "isEnabled": false, "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], @@ -17671,6 +17739,16 @@ "resourceAppId": "" } ], + "User-CredentialAssertions.ReadWrite.All": [ + { + "id": "", + "scheme": "Application", + "environment": "", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } + ], "User-CrossDomainData.ReadWrite.All": [ { "id": "d2bd5d7e-4c94-4c62-b532-33347501a8f7",