Conversation
There was a problem hiding this comment.
Pull request overview
Weekly permissions sync updating the permissions catalog and provisioning metadata, including enabling newly defined Agent Registration permissions and adding newly discovered API paths.
Changes:
- Populate IDs and enable/unhide
AgentRegistration.Read.AllandAgentRegistration.ReadWrite.AllinprovisioningInfo.json. - Refine several permission descriptions/names and add new permission definitions for Agent Registration in
permissions.json. - Add newly discovered report endpoints under existing permissions path mappings.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| permissions/new/provisioningInfo.json | Sets concrete GUIDs and flips isEnabled/isHidden for AgentRegistration permissions so they can be provisioned/exposed. |
| permissions/new/permissions.json | Adds AgentRegistration permission definitions, tweaks several admin descriptions/display names, and updates path mappings with new report endpoints. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "adminDisplayName": "Read all agent registrations", | ||
| "adminDescription": "Allows the user to read all agent registration information", | ||
| "userDisplayName": "Read all agent registrations", | ||
| "userDescription": "Allows the app to read agent registration information.", | ||
| "requiresAdminConsent": false, | ||
| "privilegeLevel": 3 |
There was a problem hiding this comment.
In the new AgentRegistration.Read.All delegated scheme, adminDescription says "Allows the user…" (and lacks a trailing period) while userDescription says "Allows the app…". Elsewhere in this file delegated permissions consistently describe the calling app/client (e.g., Agreement.Read.All at ~3222-3224). Consider aligning the wording (app/client vs user) and punctuation, and ensure the delegated descriptions clearly indicate "on behalf of the signed-in user" when applicable.
| "DelegatedWork": { | ||
| "adminDisplayName": "Read and write all agent registrations", | ||
| "adminDescription": "Allows the user to read and write all agent registration information", | ||
| "userDisplayName": "Read and write all agent registrations", | ||
| "userDescription": "Allows the app to read and write agent registration information.", | ||
| "requiresAdminConsent": true, |
There was a problem hiding this comment.
Similarly for AgentRegistration.ReadWrite.All delegated scheme, adminDescription uses "Allows the user…" (no period) while userDescription uses "Allows the app…". For consistency with other delegated permissions in this file, update the delegated descriptions to consistently refer to the calling app/client and end sentences with periods.
Weekly Permissions sync 2026-04-24