From 10f9cf9bebad6982649daa82dff2cf698e1767e3 Mon Sep 17 00:00:00 2001 From: omondiatieno Date: Thu, 23 Apr 2026 15:24:20 +0300 Subject: [PATCH] Fix typo and add permissions clarification for blueprint docs --- api-reference/beta/api/agentidentityblueprint-update.md | 9 +++++++++ .../beta/api/agentidentityblueprintprincipal-delete.md | 2 +- api-reference/v1.0/api/agentidentityblueprint-update.md | 9 +++++++++ .../v1.0/api/agentidentityblueprintprincipal-delete.md | 2 +- 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/api-reference/beta/api/agentidentityblueprint-update.md b/api-reference/beta/api/agentidentityblueprint-update.md index 00abeadacaa..4b088ae47ab 100644 --- a/api-reference/beta/api/agentidentityblueprint-update.md +++ b/api-reference/beta/api/agentidentityblueprint-update.md @@ -27,6 +27,15 @@ Choose the permission or permissions marked as least privileged for this API. Us --> [!INCLUDE [permissions-table](../includes/permissions/agentidentityblueprint-update-permissions.md)] +The two least-privileged permissions authorize updates to different sets of properties: + +| Permission | Properties | +|:---|:---| +| `AgentIdentityBlueprint.AddRemoveCreds.All` | Credential-related properties such as **keyCredentials** and **passwordCredentials**. | +| `AgentIdentityBlueprint.UpdateBranding.All` | Branding properties such as **displayName** and **description**. | + +To update properties covered by both permission scopes, use the higher-privileged `AgentIdentityBlueprint.ReadWrite.All` permission. + [!INCLUDE [rbac-agentid-apis-write](../includes/rbac-for-apis/rbac-agentid-apis-write.md)] ## HTTP request diff --git a/api-reference/beta/api/agentidentityblueprintprincipal-delete.md b/api-reference/beta/api/agentidentityblueprintprincipal-delete.md index 5a2aca43d70..8f0276a8dda 100644 --- a/api-reference/beta/api/agentidentityblueprintprincipal-delete.md +++ b/api-reference/beta/api/agentidentityblueprintprincipal-delete.md @@ -14,7 +14,7 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -Delete a [agentIdentityBlueprintPrincipal](../resources/agentidentityblueprintprincipal.md) object. When deleted, agent identity blueprint prinicpals are moved to a temporary container and can be restored within 30 days. After that time, they are permanently deleted. +Delete a [agentIdentityBlueprintPrincipal](../resources/agentidentityblueprintprincipal.md) object. When deleted, agent identity blueprint principals are moved to a temporary container and can be restored within 30 days. After that time, they are permanently deleted. ## Permissions Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference). diff --git a/api-reference/v1.0/api/agentidentityblueprint-update.md b/api-reference/v1.0/api/agentidentityblueprint-update.md index c3ad3857e28..210df3fa201 100644 --- a/api-reference/v1.0/api/agentidentityblueprint-update.md +++ b/api-reference/v1.0/api/agentidentityblueprint-update.md @@ -25,6 +25,15 @@ Choose the permission or permissions marked as least privileged for this API. Us --> [!INCLUDE [permissions-table](../includes/permissions/agentidentityblueprint-update-permissions.md)] +The two least-privileged permissions authorize updates to different sets of properties: + +| Permission | Properties | +|:---|:---| +| `AgentIdentityBlueprint.AddRemoveCreds.All` | Credential-related properties such as **keyCredentials** and **passwordCredentials**. | +| `AgentIdentityBlueprint.UpdateBranding.All` | Branding properties such as **displayName** and **description**. | + +To update properties covered by both permission scopes, use the higher-privileged `AgentIdentityBlueprint.ReadWrite.All` permission. + [!INCLUDE [rbac-agentid-apis-write](../includes/rbac-for-apis/rbac-agentid-apis-write.md)] ## HTTP request diff --git a/api-reference/v1.0/api/agentidentityblueprintprincipal-delete.md b/api-reference/v1.0/api/agentidentityblueprintprincipal-delete.md index eea91e9e739..241e1f8d324 100644 --- a/api-reference/v1.0/api/agentidentityblueprintprincipal-delete.md +++ b/api-reference/v1.0/api/agentidentityblueprintprincipal-delete.md @@ -12,7 +12,7 @@ doc_type: apiPageType Namespace: microsoft.graph -Delete a [agentIdentityBlueprintPrincipal](../resources/agentidentityblueprintprincipal.md) object. When deleted, agent identity blueprint prinicpals are moved to a temporary container and can be restored within 30 days. After that time, they are permanently deleted. +Delete a [agentIdentityBlueprintPrincipal](../resources/agentidentityblueprintprincipal.md) object. When deleted, agent identity blueprint principals are moved to a temporary container and can be restored within 30 days. After that time, they are permanently deleted. ## Permissions Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).