diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
index 73877e07..24b9792b 100644
--- a/permissions/new/permissions.json
+++ b/permissions/new/permissions.json
@@ -16681,7 +16681,6 @@
 "/users/{id}/directreports": "",
 "/users/{id}/joinedteams": "",
 "/users/{id}/licensedetails": "",
- "/users/{id}/licenseDetails/getTeamsLicensingDetails": "",
 "/users/{id}/manager": "",
 "/users/{id}/memberof": "least=Application",
 "/users/{id}/oauth2permissiongrants": "least=DelegatedWork,Application",
@@ -16730,7 +16729,8 @@
 "/me/registereddevices": "",
 "/me/scopedrolememberof": "least=DelegatedWork",
 "/me/transitivememberof": "",
- "/privilegedroleassignmentrequests": "least=DelegatedWork"
+ "/privilegedroleassignmentrequests": "least=DelegatedWork",
+ "/users/{id}/licenseDetails/getTeamsLicensingDetails": ""
 }
 },
 {
@@ -16966,7 +16966,6 @@
 "/users/{id}/directreports": "",
 "/users/{id}/joinedteams": "",
 "/users/{id}/licensedetails": "",
- "/users/{id}/licenseDetails/getTeamsLicensingDetails": "",
 "/users/{id}/memberof": "",
 "/users/{id}/owneddevices": "",
 "/users/{id}/ownedobjects": "",
@@ -17108,7 +17107,8 @@
 "/onpremisespublishingprofiles/applicationproxy/connectorgroups/{id}/applications": "least=DelegatedWork",
 "/onpremisespublishingprofiles/applicationproxy/connectors": "least=DelegatedWork",
 "/onpremisespublishingprofiles/applicationproxy/connectors/{id}": "least=DelegatedWork",
- "/serviceprincipals": ""
+ "/serviceprincipals": "",
+ "/users/{id}/licenseDetails/getTeamsLicensingDetails": ""
 }
 },
 {
@@ -37378,6 +37378,14 @@
 "PrivilegedAccess.Read.AzureADGroup": {
 "authorizationType": "oAuth2",
 "schemes": {
+ "DelegatedWork": {
+ "adminDisplayName": "Read privileged access to Azure AD groups",
+ "adminDescription": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
+ "userDisplayName": "Read privileged access to Azure AD groups",
+ "userDescription": "Allows the app to read time-based assignment and just in time elevation (including scheduled elevation) of Azure AD groups in your organization, on your behalf.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 4
+ },
 "Application": {
 "adminDisplayName": "Read privileged access to Azure AD groups",
 "adminDescription": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
@@ -37397,6 +37405,19 @@
 "/privilegedaccess/azureresources/resources/{id}/roleassignmentrequests": "",
 "/privilegedaccess/azureresources/roleassignmentrequests": ""
 }
+ },
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "GET"
+ ],
+ "paths": {
+ "/identityGovernance/privilegedAccess/group/resources": "least=DelegatedWork,Application",
+ "/identityGovernance/privilegedAccess/group/resources/{id}": "least=DelegatedWork,Application"
+ }
 }
 ],
 "ownerInfo": {
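Review bot: The `adminDescription` added under `DelegatedWork` in the -37378 hunk ends with "without a signed-in user", which is the app-only wording of the `Application` scheme directly below it, so an admin consenting to the delegated scope is told the opposite of how the access is exercised. It should end `of Azure AD groups in your organization, on behalf of the signed-in user.` The mirror-image error is in the -37520 hunk, where the new `Application` scheme's `adminDescription` ends with "on behalf of the signed-in user" and should say "without a signed-in user". The new `userDescription` also writes "just in time" where the other strings use "just-in-time".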
@@ -37520,6 +37541,12 @@
 "userDescription": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on your behalf.",
 "requiresAdminConsent": true,
 "privilegeLevel": 4
+ },
+ "Application": {
+ "adminDisplayName": "Read and write privileged access to Azure AD groups",
+ "adminDescription": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 4
 }
 },
 "pathSets": [
@@ -37545,6 +37572,19 @@
 "paths": {
 "/privilegedaccess/azureresources/roleassignmentrequests/{id}/cancel": ""
 }
+ },
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "GET"
+ ],
+ "paths": {
+ "/identityGovernance/privilegedAccess/group/resources": "",
+ "/identityGovernance/privilegedAccess/group/resources/{id}": ""
+ }
 }
 ],
 "ownerInfo": {
@@ -51886,7 +51926,6 @@
 ],
 "paths": {
 "/users/{id}/deleteddatetime": "least=Application",
- "/users/{id}/licenseDetails/getTeamsLicensingDetails": "least=Application",
 "/users/{id}/memberof/{id}": "least=Application",
 "/users/{id}/outlook/supportedlanguages": "least=Application",
 "/users/{id}/outlook/supportedtimezones": "least=Application",
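Review bot: The `Application` scheme added to the read/write permission in the -37520 hunk is referenced, within these hunks, only by the new GET-only pathSet at -37545; no pathSet that pairs a write method with `Application` in `schemeKeys` is visible. If none exists outside the hunks, this becomes an app-only grant at `privilegeLevel` 4 whose documented surface is two read paths, and nobody reviewing a consent request can tell which writes it authorizes. Either add the write pathSet(s) for `Application` in the same change or hold the scheme back until they exist. The permission's name and its earlier pathSets lie outside both hunks, so this needs checking against the full entry.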
@@ -54205,6 +54244,76 @@
 "ownerSecurityGroup": "afsdev"
 }
 },
+ "VerifiedId-Profile.Read.All": {
+ "authorizationType": "oAuth2",
+ "schemes": {
+ "DelegatedWork": {
+ "adminDisplayName": "Read Verified Id profiles",
+ "adminDescription": "This role can read Verified Id profiles in a tenant.",
+ "userDisplayName": "Read Verified Id profiles",
+ "userDescription": "This role can read Verified Id profiles in a tenant.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 3
+ },
+ "Application": {
+ "adminDisplayName": "Read Verified Id profiles",
+ "adminDescription": "This role can read Verified Id profiles in a tenant.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 4
+ }
+ },
+ "pathSets": [
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "GET"
+ ],
+ "paths": {
+ "/identity/verifiedId/profiles": "least=DelegatedWork,Application",
+ "/identity/verifiedId/profiles/{id}": "least=DelegatedWork,Application"
+ }
+ }
+ ],
+ "ownerInfo": {
+ "ownerSecurityGroup": "cred_recovery"
+ }
+ },
+ "VerifiedId-Profile.ReadWrite.All": {
+ "authorizationType": "oAuth2",
+ "schemes": {
+ "DelegatedWork": {
+ "adminDisplayName": "Read and write Verified Id profiles",
+ "adminDescription": "This role can read and write Verified Id profiles in a tenant.",
+ "userDisplayName": "Read and write Verified Id profiles",
+ "userDescription": "This role can read and write Verified Id profiles in a tenant.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 4
+ }
+ },
+ "pathSets": [
+ {
+ "schemeKeys": [
+ "DelegatedWork"
+ ],
+ "methods": [
+ "DELETE",
+ "GET",
+ "PATCH",
+ "POST"
+ ],
+ "paths": {
+ "/identity/verifiedId/profiles": "least=DelegatedWork",
+ "/identity/verifiedId/profiles/{id}": "least=DelegatedWork"
+ }
+ }
+ ],
+ "ownerInfo": {
+ "ownerSecurityGroup": "cred_recovery"
+ }
+ },
 "VirtualAppointment.Read": {
 "authorizationType": "oAuth2",
 "schemes": {
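Review bot: In `VerifiedId-Profile.ReadWrite.All` the single pathSet lists `GET` next to `DELETE`, `PATCH` and `POST` and tags both paths `least=DelegatedWork`, while `VerifiedId-Profile.Read.All` already tags the same two paths `least=DelegatedWork,Application` for `GET`. As far as the format shows here, a `least=` tag covers every method in its set, so two permissions claim to be the least-privileged delegated choice for reads and a consumer of this metadata may be steered to the write scope. Splitting `GET` into its own pathSet with empty values keeps the tag on the write methods only. Separately, the descriptions call a scope "This role", and the `userDescription` strings do not say the access is on the user's behalf.

```json
"pathSets": [
  {
    "schemeKeys": [
      "DelegatedWork"
    ],
    "methods": [
      "GET"
    ],
    "paths": {
      "/identity/verifiedId/profiles": "",
      "/identity/verifiedId/profiles/{id}": ""
    }
  },
  {
    "schemeKeys": [
      "DelegatedWork"
    ],
    "methods": [
      "DELETE",
      "PATCH",
      "POST"
    ],
    "paths": {
      "/identity/verifiedId/profiles": "least=DelegatedWork",
      "/identity/verifiedId/profiles/{id}": "least=DelegatedWork"
    }
  }
],
```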
diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json
index 3ca53d82..717842eb 100644
--- a/permissions/new/provisioningInfo.json
+++ b/permissions/new/provisioningInfo.json
@@ -300,14 +300,6 @@
 "isHidden": true,
 "isEnabled": true,
 "resourceAppId": "00000003-0000-0000-c000-000000000000"
- },
- {
- "id": "6ce0ade1-3a9a-40ba-ae13-11bf6279a04d",
- "scheme": "DelegatedWork",
- "environment": "PPE;public",
- "isHidden": true,
- "isEnabled": true,
- "resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
 "AgentIdentityBlueprint.Read.All": [
@@ -436,6 +428,16 @@
 "resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
+ "AgentIdentityBlueprintPrincipal.CreateAsManager": [
+ {
+ "id": "c50c596a-6889-4460-acb1-3ed7c5fc142a",
+ "scheme": "Application",
+ "environment": "PPE;public",
+ "isHidden": true,
+ "isEnabled": false,
+ "resourceAppId": "00000003-0000-0000-c000-000000000000"
+ }
+ ],
 "AgentIdentityBlueprintPrincipal.Read.All": [
 {
 "id": "",
@@ -12799,14 +12801,6 @@
 "isHidden": true,
 "isEnabled": true,
 "resourceAppId": "00000003-0000-0000-c000-00000000000"
- },
- {
- "id": "98f23116-27b1-42b4-814b-d258698a00b6",
- "scheme": "DelegatedWork",
- "environment": "PPE;public",
- "isHidden": true,
- "isEnabled": true,
- "resourceAppId": "00000003-0000-0000-c000-000000000000"
 }
 ],
 "AgentIdentity.Read.All": [
@@ -12988,7 +12982,7 @@
 "environment": "public",
 "isHidden": false,
 "isEnabled": true,
- "resourceAppId": "00000003-0000-0000-c000-00000000000"
+ "resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
 },
 {
 "id": "f5fa52a5-b9ab-4dc3-885e-9e5b4a67068e",
@@ -12996,7 +12990,7 @@
 "environment": "public",
 "isHidden": false,
 "isEnabled": true,
- "resourceAppId": "00000003-0000-0000-c000-00000000000"
+ "resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
 }
 ],
 "SharePointCrossTenantMigration.Manage.All": [
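Review bot: The `resourceAppId` correction in the -12988 and -12996 hunks (and again at -13006 and -13014) replaces the truncated value `00000003-0000-0000-c000-00000000000`, but the same 11-digit tail is still present as a context line at the top of the -12799 hunk, and that hunk deletes the sibling entry that carried a well-formed id. The surviving entry therefore keeps a `resourceAppId` that is not a valid GUID, so whatever consumes this file presumably cannot resolve the resource app for that permission. Which app it should name is not visible here; if it is the same resource as the removed sibling, the line would become `"resourceAppId": "00000003-0000-0000-c000-000000000000"`. The entry's permission name and `id` are outside the hunk, and a format check on every `resourceAppId` in the file would catch any further instances.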
@@ -13006,7 +13000,7 @@
 "environment": "public",
 "isHidden": false,
 "isEnabled": true,
- "resourceAppId": "00000003-0000-0000-c000-00000000000"
+ "resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
 },
 {
 "id": "a0521574-fcd8-4742-b29c-f796df57ea70",
@@ -13014,7 +13008,7 @@
 "environment": "public",
 "isHidden": false,
 "isEnabled": true,
- "resourceAppId": "00000003-0000-0000-c000-00000000000"
+ "resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
 }
 ],
 "SharePointTenantSettings.Read.All": [
@@ -17174,7 +17168,7 @@
 "id": "604b2056-41ed-4c56-aad5-1241d4ef7333",
 "scheme": "DelegatedWork",
 "environment": "public",
- "isHidden": true,
+ "isHidden": false,
 "isEnabled": true,
 "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
 },
@@ -17182,7 +17176,7 @@
 "id": "e227c591-dd64-4a8a-a033-816167f7c938",
 "scheme": "Application",
 "environment": "public",
- "isHidden": true,
+ "isHidden": false,
 "isEnabled": true,
 "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
 }
@@ -17192,7 +17186,7 @@
 "id": "e4a9cb5e-4767-48f8-9029-decf26a54456",
 "scheme": "DelegatedWork",
 "environment": "public",
- "isHidden": true,
+ "isHidden": false,
 "isEnabled": true,
 "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
 }