From adf3d3b09224980f185fb17f929ee97f4b127d43 Mon Sep 17 00:00:00 2001
From: David <1511024+marabooy@users.noreply.github.com>
Date: Fri, 20 Dec 2024 09:50:23 +0300
Subject: [PATCH 1/2] Weekly Permissions sync 2024-12-20 (#926)
---
 permissions/new/permissions.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
index 3befdcd9..696318dc 100644
--- a/permissions/new/permissions.json
+++ b/permissions/new/permissions.json
@@ -47977,9 +47977,9 @@
 "schemes": {
 "DelegatedWork": {
 "adminDisplayName": "Read and write access to user profile",
- "adminDescription": "Allows the app to read your profile. It also allows the app to update your profile information on your behalf.",
+ "adminDescription": "Allows the app to read your profile and basic company information. It also allows the app to update your profile information on your behalf.",
 "userDisplayName": "Read and update your profile",
- "userDescription": "Allows the app to read your profile, and discover your group membership, reports and manager. It also allows the app to update your profile information on your behalf.",
+ "userDescription": "Allows the app to read your profile and basic company information, and discover your group membership, reports and manager. It also allows the app to update your profile information on your behalf.",
 "requiresAdminConsent": false,
 "privilegeLevel": 3
 },
@@ -48311,15 +48311,15 @@
 "schemes": {
 "DelegatedWork": {
 "adminDisplayName": "Read and write all users' full profiles",
- "adminDescription": "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.",
+ "adminDescription": "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, and read basic company properties, on behalf of the signed-in user.",
 "userDisplayName": "Read and write all users' full profiles",
- "userDescription": "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on your behalf.",
+ "userDescription": "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, and read basic company properties, on your behalf.",
 "requiresAdminConsent": true,
 "privilegeLevel": 4
 },
 "Application": {
 "adminDisplayName": "Read and write all users' full profiles",
- "adminDescription": "Allows the app to read and update user profiles without a signed in user.",
+ "adminDescription": "Allows the app to read and update user profiles and read basic company properties without a signed in user.",
 "requiresAdminConsent": true,
 "privilegeLevel": 4
 }
From a0021d138cce49cbb1282106f419fc7b3edb6a67 Mon Sep 17 00:00:00 2001
From: David <1511024+marabooy@users.noreply.github.com>
Date: Mon, 30 Dec 2024 03:25:45 +0300
Subject: [PATCH 2/2] Weekly Permissions sync 2024-12-30
---
 permissions/new/ProvisioningInfo.json | 26 ++++++-
 permissions/new/permissions.json | 103 ++++++++++++++++++++++++++
 2 files changed, 125 insertions(+), 4 deletions(-)
diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json
index f3aae871..bc6ca2fd 100644
--- a/permissions/new/ProvisioningInfo.json
+++ b/permissions/new/ProvisioningInfo.json
@@ -5266,6 +5266,24 @@
 "resourceAppId": ""
 }
 ],
+ "FormsBody.ReadWrite.All": [
+ {
+ "id": "",
+ "scheme": "DelegatedWork",
+ "environment": "public",
+ "isHidden": true,
+ "isEnabled": true,
+ "resourceAppId": "c9a559d2-7aab-4f13-a6ed-e7e9c52aec87"
+ },
+ {
+ "id": "",
+ "scheme": "Application",
+ "environment": "public",
+ "isHidden": true,
+ "isEnabled": true,
+ "resourceAppId": "c9a559d2-7aab-4f13-a6ed-e7e9c52aec87"
+ }
+ ],
 "Goals-Export.Read.All": [
 {
 "scheme": "DelegatedWork",
@@ -10077,7 +10095,7 @@
 "id": "dd689728-6eb8-4deb-bd38-2924a935f3de",
 "scheme": "DelegatedWork",
 "environment": "public",
- "isHidden": true,
+ "isHidden": false,
 "isEnabled": true,
 "resourceAppId": "8ee8fdad-f234-4243-8f3b-15c294843740"
 },
@@ -10085,7 +10103,7 @@
 "id": "4d6e30d1-e64e-4ae7-bf9d-c706cc928cef",
 "scheme": "Application",
 "environment": "public",
- "isHidden": true,
+ "isHidden": false,
 "isEnabled": true,
 "resourceAppId": "8ee8fdad-f234-4243-8f3b-15c294843740"
 }
@@ -10167,7 +10185,7 @@
 "id": "d8914f8f-9f64-4bd1-b4d3-f5a701ed8457",
 "scheme": "DelegatedWork",
 "environment": "public",
- "isHidden": true,
+ "isHidden": false,
 "isEnabled": true,
 "resourceAppId": "8ee8fdad-f234-4243-8f3b-15c294843740"
 },
@@ -10175,7 +10193,7 @@
 "id": "8b7e8c0a-7e9d-4049-97ec-04b5e1bcaf05",
 "scheme": "Application",
 "environment": "public",
- "isHidden": true,
+ "isHidden": false,
 "isEnabled": true,
 "resourceAppId": "8ee8fdad-f234-4243-8f3b-15c294843740"
 }
diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
index 696318dc..24805236 100644
--- a/permissions/new/permissions.json
+++ b/permissions/new/permissions.json
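Review bot: In ProvisioningInfo.json, both new `FormsBody.ReadWrite.All` entries are added with `"id": ""` while `"isEnabled": true`, whereas the entries touched in the later hunks of this file carry GUID ids. The empty string may be this file's placeholder for a value that has not been provisioned yet (the preceding context entry has `"resourceAppId": ""`), but if any consumer keys on `id`, the delegated and application entries collide on the same empty value. Either fill in the real ids or confirm that an enabled entry without an id is the intended state. This patch adds no `FormsBody.ReadWrite.All` definition to permissions.json, so it is presumably defined there already; that is worth confirming, since a `ReadWrite.All` permission offered in the `Application` scheme needs its consent text and admin-consent setting reviewed.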
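Review bot: In ProvisioningInfo.json, the hunks at -10077, -10085, -10167 and -10175 flip `"isHidden"` from `true` to `false` for two delegated and two application entries of resource app `8ee8fdad-f234-4243-8f3b-15c294843740`, but the enclosing permission keys lie outside the hunks, so the permissions being un-hidden cannot be identified from the diff. The commit description says only "Weekly Permissions sync"; it should name them, for example `Unhide <PERMISSION_NAME> (DelegatedWork, Application)` with the real names in place of the placeholder. That lets a reviewer check that their consent strings and `privilegeLevel` values in permissions.json are final before the entries become visible.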
@@ -36389,6 +36389,44 @@
 "ownerSecurityGroup": "cpcgraph"
 }
 },
+ "RoleManagement.Read.Defender": {
+ "schemes": {
+ "DelegatedWork": {
+ "adminDisplayName": "Read M365 Defender RBAC configuration",
+ "adminDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.",
+ "userDisplayName": "Read M365 Defender RBAC configuration",
+ "userDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 3
+ },
+ "Application": {
+ "adminDisplayName": "Read M365 Defender RBAC configuration",
+ "adminDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, without a signed-in user.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 4
+ }
+ },
+ "pathSets": [
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "GET"
+ ],
+ "paths": {
+ "/rolemanagement/defender/roleassignments": "least=DelegatedWork,Application",
+ "/rolemanagement/defender/roleassignments/{id}": "least=DelegatedWork,Application",
+ "/rolemanagement/defender/roledefinitions": "least=DelegatedWork,Application",
+ "/rolemanagement/defender/roledefinitions/{id}": "least=DelegatedWork,Application"
+ }
+ }
+ ],
+ "ownerInfo": {
+ "ownerSecurityGroup": "mdatpUrbac"
+ }
+ },
 "RoleManagement.Read.Directory": {
 "schemes": {
 "DelegatedWork": {
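Review bot: The `Application` `adminDescription` of `RoleManagement.Read.Defender` describes reading "the role-based access control (RBAC) settings for your company's directory" and never mentions Defender, although the pathSets cover only `/rolemanagement/defender/…`; the delegated descriptions carry the Defender sentence, the application one does not. Consent text that reads like directory-wide RBAC access makes the grant harder for an admin to assess, so I would append `This includes reading M365 Defender role definitions and role assignments.` to it. The `userDescription` also keeps the admin phrasing "on behalf of the signed-in user", where user-facing strings elsewhere in this file say "on your behalf". The same wording appears in the `RoleManagement.ReadWrite.Defender` hunk that follows.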
@@ -36595,6 +36633,71 @@
 "ownerSecurityGroup": "cpcgraph"
 }
 },
+ "RoleManagement.ReadWrite.Defender": {
+ "schemes": {
+ "DelegatedWork": {
+ "adminDisplayName": "Read M365 Defender RBAC configuration",
+ "adminDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.",
+ "userDisplayName": "Read M365 Defender RBAC configuration",
+ "userDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 3
+ },
+ "Application": {
+ "adminDisplayName": "Read M365 Defender RBAC configuration",
+ "adminDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, without a signed-in user.",
+ "requiresAdminConsent": true,
+ "privilegeLevel": 4
+ }
+ },
+ "pathSets": [
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "GET"
+ ],
+ "paths": {
+ "/roleManagement/defender/roleassignments": "",
+ "/roleManagement/defender/roleassignments/{id}": "",
+ "/rolemanagement/defender/roledefinitions": "",
+ "/rolemanagement/defender/roledefinitions/{id}": ""
+ }
+ },
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "POST"
+ ],
+ "paths": {
+ "/roleManagement/defender/roleassignments": "least=DelegatedWork,Application",
+ "/rolemanagement/defender/roledefinitions": "least=DelegatedWork,Application"
+ }
+ },
+ {
+ "schemeKeys": [
+ "DelegatedWork",
+ "Application"
+ ],
+ "methods": [
+ "DELETE",
+ "PATCH"
+ ],
+ "paths": {
+ "/roleManagement/defender/roleassignments/{id}": "least=DelegatedWork,Application",
+ "/rolemanagement/defender/roledefinitions/{id}": "least=DelegatedWork,Application"
+ }
+ }
+ ],
+ "ownerInfo": {
+ "ownerSecurityGroup": "mdatpUrbac"
+ }
+ },
 "RoleManagement.ReadWrite.Directory": {
 "schemes": {
 "DelegatedWork": {
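Review bot: The consent strings of `RoleManagement.ReadWrite.Defender` are copied from the read-only permission: every display name and description says the app can only "read" the M365 Defender RBAC configuration, yet the pathSets grant POST, DELETE and PATCH on role assignments and role definitions. An admin consenting to this would approve write access to Defender RBAC under a read-only label, so the display names should become `"adminDisplayName": "Read and write M365 Defender RBAC configuration"` (likewise `userDisplayName`), and the three descriptions should state that the app can create, update and delete role definitions and role assignments. The `privilegeLevel` values (3 delegated, 4 application) are identical to those of `RoleManagement.Read.Defender`, which is worth confirming for a scope that can change role assignments. The paths also mix `/roleManagement/…` for role assignments with `/rolemanagement/…` for role definitions, while the read permission uses the lowercase form throughout; if path keys are matched case-sensitively, one casing should be used in both permissions.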