| author | Jackson-Woods |
|---|---|
| ms.topic | include |
Important
For delegated access using work or school accounts, the admin must be assigned a supported Microsoft Entra role or a custom role that grants the permissions required for this operation. This operation supports the following built-in roles, which provide only the least privilege necessary:
- For multitenant apps:
- Application Administrator
- Cloud Application Administrator
- For single-tenant apps where the calling user is a nonadmin user but is the owner of the backing application, the user must have the Application Developer role.