Skip to content

Weekly Permissions sync 2025-12-26#1392

Closed
marabooy wants to merge 2 commits intomasterfrom
permissions-update/2025-12-26
Closed

Weekly Permissions sync 2025-12-26#1392
marabooy wants to merge 2 commits intomasterfrom
permissions-update/2025-12-26

Conversation

@marabooy
Copy link
Copy Markdown
Contributor

@marabooy marabooy commented Dec 26, 2025

Weekly Permissions sync 2025-12-26

Copilot AI review requested due to automatic review settings December 26, 2025 00:29
@marabooy marabooy requested a review from a team as a code owner December 26, 2025 00:29
Copilot AI reviewed Dec 26, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements a weekly permissions sync that adds support for conditional access classic policies endpoints. The changes introduce new API path permissions for reading the classic policies collection and updating individual classic policy resources.

  • Adds GET permission for /identity/conditionalaccess/classicpolicies collection endpoint
  • Adds PATCH permission for /identity/conditionalaccess/classicpolicies/{id} individual resource endpoint
  • Updates both the Policy.Read.All and Policy.ReadWrite.ConditionalAccess permission scopes

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread permissions/new/permissions.json
Comment on lines +37071 to +37081
{
"schemeKeys": [
"DelegatedWork"
],
"methods": [
"PATCH"
],
"paths": {
"/identity/conditionalaccess/classicpolicies/{id}": "least=DelegatedWork"
}
},
Copy link

Copilot AI Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The permissions define a PATCH method for the individual classicpolicies resource but no GET method. This is inconsistent with similar conditional access resources in this file. For example, vpnconnectivitycertificates has GET defined for both the collection and individual resources (lines 37040-37046), and namedlocations and policies have GET, PATCH, and DELETE combined for individual resources (line 36937-36950). Consider adding a GET method entry for /identity/conditionalaccess/classicpolicies/{id} to align with the established pattern and allow clients to retrieve individual classic policies after creating or updating them.

Copilot uses AI. Check for mistakes.
@jasonjoh jasonjoh closed this Jan 5, 2026
@jasonjoh jasonjoh deleted the permissions-update/2025-12-26 branch January 5, 2026 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marabooy @jasonjoh