The v1.0 endpoint for the administrative units API is /v1.0/directory/administrativeUnits. With the permission an application can create, read, update, and delete administrative unit information including members.Ī and are valid only for work or school accounts. With the permission an application can read administrative unit information including members. Administrative units permissions Delegated permissions PermissionĪllows the app to read administrative units and administrative unit membership on behalf of the signed-in user.Īllows the app to create, read, update, and delete administrative units and manage administrative unit membership on behalf of the signed-in user.Īllows the app to read administrative units and administrative unit membership without a signed-in user.Īllows the app to create, read, update, and delete administrative units and manage administrative unit membership without a signed-in user. For an app with delegated permissions to write access reviews of an Azure AD role, the signed-in user must be a member of one of the following administrator roles: Global Administrator or Privileged Role Administrator.įor more information about administrator roles, see Assigning administrator roles in Azure Active Directory. For an app with delegated permissions to write access reviews of a group or app, the signed-in user must be a member of one of the following administrator roles: Global Administrator or User Administrator.įor an app with delegated permissions to read access reviews of an Azure AD role, the signed-in user must be a member of one of the following administrator roles: Global Administrator, Security Administrator, Security Reader or Privileged Role Administrator. Manage access reviews for group and app membershipsĪllows the app to read and write access reviews of groups and apps on behalf of the signed-in user.Īllows the app to read access reviews without a signed-in user.Īllows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user.Īllows the app to manage access reviews of groups and apps without a signed-in user.Ī,, are valid only for work or school accounts.įor an app with delegated permissions to read access reviews of a group or app, the signed-in user must be a member of one of the following administrator roles: Global Administrator, Security Administrator, Security Reader or User Administrator.
Access reviews permissions Delegated permissions PermissionĪllows the app to read access reviews on behalf of the signed-in user.Īllows the app to read and write access reviews on behalf of the signed-in user. Requesting permissions with more than the necessary privileges is poor security practice, which may cause users to refrain from consenting and affect your app's usage. As a best practice, request the least privileged permissions that your app needs in order to access data and function correctly.
0 kommentar(er)
