From 13f204b4ac42d477dfc34f21992c24620183d780 Mon Sep 17 00:00:00 2001
From: David <1511024+marabooy@users.noreply.github.com>
Date: Thu, 9 Oct 2025 03:28:49 +0300
Subject: [PATCH] Weekly Permissions sync 2025-10-09
---
 permissions/new/permissions.json | 49 ++++++++++++++++++++++++---
 permissions/new/provisioningInfo.json | 26 ++++++--------
 2 files changed, 54 insertions(+), 21 deletions(-)
diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
index 73877e07..8a3bc7b3 100644
--- a/permissions/new/permissions.json
+++ b/permissions/new/permissions.json
@@ -16681,7 +16681,6 @@
 "/users/{id}/directreports": "",
 "/users/{id}/joinedteams": "",
 "/users/{id}/licensedetails": "",
- "/users/{id}/licenseDetails/getTeamsLicensingDetails": "",
 "/users/{id}/manager": "",
 "/users/{id}/memberof": "least=Application",
 "/users/{id}/oauth2permissiongrants": "least=DelegatedWork,Application",
@@ -16730,7 +16729,8 @@
 "/me/registereddevices": "",
 "/me/scopedrolememberof": "least=DelegatedWork",
 "/me/transitivememberof": "",
- "/privilegedroleassignmentrequests": "least=DelegatedWork"
+ "/privilegedroleassignmentrequests": "least=DelegatedWork",
+ "/users/{id}/licenseDetails/getTeamsLicensingDetails": ""
 }
 },
 {
@@ -16966,7 +16966,6 @@
 "/users/{id}/directreports": "",
 "/users/{id}/joinedteams": "",
 "/users/{id}/licensedetails": "",
- "/users/{id}/licenseDetails/getTeamsLicensingDetails": "",
 "/users/{id}/memberof": "",
 "/users/{id}/owneddevices": "",
 "/users/{id}/ownedobjects": "",
@@ -17108,7 +17107,8 @@
 "/onpremisespublishingprofiles/applicationproxy/connectorgroups/{id}/applications": "least=DelegatedWork",
 "/onpremisespublishingprofiles/applicationproxy/connectors": "least=DelegatedWork",
 "/onpremisespublishingprofiles/applicationproxy/connectors/{id}": "least=DelegatedWork",
- "/serviceprincipals": ""
+ "/serviceprincipals": "",
+ "/users/{id}/licenseDetails/getTeamsLicensingDetails": ""
 }
 },
 {
@@ -37378,6 +37378,14 @@
 "PrivilegedAccess.Read.AzureADGroup": {
 "authorizationType": "oAuth2",
 "schemes": {
+ "DelegatedWork": {
+ "adminDisplayName": "Read privileged access to Azure AD groups",
+ "adminDescription": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
+ "userDisplayName": "Read privileged access to Azure AD groups",
+ "userDescription": "Allows the app to read time-based assignment and just in time elevation (including scheduled elevation) of Azure AD groups in your organization, on your behalf.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 4
+ },
 "Application": {
 "adminDisplayName": "Read privileged access to Azure AD groups",
 "adminDescription": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
@@ -37397,6 +37405,19 @@
 "/privilegedaccess/azureresources/resources/{id}/roleassignmentrequests": "",
 "/privilegedaccess/azureresources/roleassignmentrequests": ""
 }
+ },
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "GET"
+ ],
+ "paths": {
+ "/identityGovernance/privilegedAccess/group/resources": "least=DelegatedWork,Application",
+ "/identityGovernance/privilegedAccess/group/resources/{id}": "least=DelegatedWork,Application"
+ }
 }
 ],
 "ownerInfo": {
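Review bot: The `adminDescription` added for the new `DelegatedWork` scheme of `PrivilegedAccess.Read.AzureADGroup` ends with "without a signed-in user", which describes app-only access and contradicts the delegated `userDescription` ("on your behalf") two lines below it. The inverse appears in the `@@ -37520` hunk, where the new `Application` scheme's `adminDescription` ends with "on behalf of the signed-in user". These strings are presumably what an administrator reads when consenting to a `privilegeLevel` 4 permission, so each should state the real access mode: end the delegated one with `on behalf of the signed-in user.` and the application one with `without a signed-in user.`. The enclosing permission objects start and end outside both hunks.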
@@ -37520,6 +37541,12 @@
 "userDescription": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on your behalf.",
 "requiresAdminConsent": true,
 "privilegeLevel": 4
+ },
+ "Application": {
+ "adminDisplayName": "Read and write privileged access to Azure AD groups",
+ "adminDescription": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 4
 }
 },
 "pathSets": [
@@ -37545,6 +37572,19 @@
 "paths": {
 "/privilegedaccess/azureresources/roleassignmentrequests/{id}/cancel": ""
 }
+ },
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "GET"
+ ],
+ "paths": {
+ "/identityGovernance/privilegedAccess/group/resources": "",
+ "/identityGovernance/privilegedAccess/group/resources/{id}": ""
+ }
 }
 ],
 "ownerInfo": {
@@ -51886,7 +51926,6 @@
 ],
 "paths": {
 "/users/{id}/deleteddatetime": "least=Application",
- "/users/{id}/licenseDetails/getTeamsLicensingDetails": "least=Application",
 "/users/{id}/memberof/{id}": "least=Application",
 "/users/{id}/outlook/supportedlanguages": "least=Application",
 "/users/{id}/outlook/supportedtimezones": "least=Application",
diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json
index 3ca53d82..f3574a71 100644
--- a/permissions/new/provisioningInfo.json
+++ b/permissions/new/provisioningInfo.json
@@ -300,14 +300,6 @@
 "isHidden": true,
 "isEnabled": true,
 "resourceAppId": "00000003-0000-0000-c000-000000000000"
- },
- {
- "id": "6ce0ade1-3a9a-40ba-ae13-11bf6279a04d",
- "scheme": "DelegatedWork",
- "environment": "PPE;public",
- "isHidden": true,
- "isEnabled": true,
- "resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
 "AgentIdentityBlueprint.Read.All": [
@@ -436,6 +428,16 @@
 "resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
+ "AgentIdentityBlueprintPrincipal.CreateAsManager": [
+ {
+ "id": "c50c596a-6889-4460-acb1-3ed7c5fc142a",
+ "scheme": "Application",
+ "environment": "PPE;public",
+ "isHidden": true,
+ "isEnabled": false,
+ "resourceAppId": "00000003-0000-0000-c000-000000000000"
+ }
+ ],
 "AgentIdentityBlueprintPrincipal.Read.All": [
 {
 "id": "",
@@ -12799,14 +12801,6 @@
 "isHidden": true,
 "isEnabled": true,
 "resourceAppId": "00000003-0000-0000-c000-00000000000"
- },
- {
- "id": "98f23116-27b1-42b4-814b-d258698a00b6",
- "scheme": "DelegatedWork",
- "environment": "PPE;public",
- "isHidden": true,
- "isEnabled": true,
- "resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
 "AgentIdentity.Read.All": [
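Review bot: The entry left in place by the `@@ -12799` hunk carries `"resourceAppId": "00000003-0000-0000-c000-00000000000"`, whose last group appears to be one digit short of the `00000003-0000-0000-c000-000000000000` used by every other entry in this diff, including the `DelegatedWork` entry removed directly below it. After the removal, the malformed value is the only `resourceAppId` visible for this permission, so anything that matches on the resource app id may skip it. The line should read `"resourceAppId": "00000003-0000-0000-c000-000000000000"`. The permission's name and the start of the surviving entry are outside the hunk, so whether the sync kept the wrong one of two near-duplicates needs checking at the source.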