From 1d800912590908b655abc251a15692270f1c8046 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Sun, 1 Feb 2026 03:33:17 +0300 Subject: [PATCH] Weekly Permissions sync 2026-02-01 --- permissions/new/permissions.json | 150 +++++--------------------- permissions/new/provisioningInfo.json | 24 ++++- 2 files changed, 46 insertions(+), 128 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 5597741e..5814d0e0 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -1258,7 +1258,7 @@ "DelegatedWork": { "adminDisplayName": "Read all agent identities", "adminDescription": "Allows the client to read all agent identities.", - "requiresAdminConsent": false, + "requiresAdminConsent": true, "privilegeLevel": 3 }, "Application": { @@ -1447,7 +1447,7 @@ "DelegatedWork": { "adminDisplayName": "Read all agent identity blueprints", "adminDescription": "Allows the client to read all agent identity blueprints.", - "requiresAdminConsent": false, + "requiresAdminConsent": true, "privilegeLevel": 3 }, "Application": { @@ -1706,7 +1706,7 @@ "DelegatedWork": { "adminDisplayName": "Read agent identity blueprints principals.", "adminDescription": "Allows reading agent identity blueprint principals with a signed-in user.", - "requiresAdminConsent": false, + "requiresAdminConsent": true, "privilegeLevel": 3 }, "Application": { @@ -42448,42 +42448,34 @@ "userDescription": "Allows the app to read your organization's risk prevention providers, on your behalf.", "requiresAdminConsent": true, "privilegeLevel": 3 - }, - "Application": { - "adminDisplayName": "Read all identity risk prevention providers", - "adminDescription": "Allows the app to read your organization's risk prevention providers, without a signed-in user.", - "requiresAdminConsent": true, - "privilegeLevel": 4 } }, "pathSets": [ { "schemeKeys": [ - "DelegatedWork", - "Application" + "DelegatedWork" ], "methods": [ "GET" ], "paths": { - "/identity/riskPrevention/fraudProtectionProviders": "least=DelegatedWork,Application", - "/identity/riskPrevention/fraudProtectionProviders/{id}": "least=DelegatedWork,Application", - "/identity/riskPrevention/webApplicationFirewallProviders": "least=DelegatedWork,Application", - "/identity/riskPrevention/webApplicationFirewallProviders/{id}": "least=DelegatedWork,Application", - "/identity/riskPrevention/webApplicationFirewallVerifications": "least=DelegatedWork,Application", - "/identity/riskPrevention/webApplicationFirewallVerifications/{id}": "least=DelegatedWork,Application" + "/identity/riskPrevention/fraudProtectionProviders": "least=DelegatedWork", + "/identity/riskPrevention/fraudProtectionProviders/{id}": "least=DelegatedWork", + "/identity/riskPrevention/webApplicationFirewallProviders": "least=DelegatedWork", + "/identity/riskPrevention/webApplicationFirewallProviders/{id}": "least=DelegatedWork", + "/identity/riskPrevention/webApplicationFirewallVerifications": "least=DelegatedWork", + "/identity/riskPrevention/webApplicationFirewallVerifications/{id}": "least=DelegatedWork" } }, { "schemeKeys": [ - "DelegatedWork", - "Application" + "DelegatedWork" ], "methods": [ "POST" ], "paths": { - "/identity/riskPrevention/webApplicationFirewalls/verify": "least=DelegatedWork,Application" + "/identity/riskPrevention/webApplicationFirewalls/verify": "least=DelegatedWork" } } ], @@ -42501,33 +42493,25 @@ "userDescription": "Allows the app to read and write your organization's risk prevention providers, on your behalf.", "requiresAdminConsent": true, "privilegeLevel": 3 - }, - "Application": { - "adminDisplayName": "Read and write all identity risk prevention providers", - "adminDescription": "Allows the app to read and write your organization's risk prevention providers, without a signed-in user.", - "requiresAdminConsent": true, - "privilegeLevel": 4 } }, "pathSets": [ { "schemeKeys": [ - "DelegatedWork", - "Application" + "DelegatedWork" ], "methods": [ "GET", "POST" ], "paths": { - "/identity/riskPrevention/fraudProtectionProviders": "least=DelegatedWork,Application", - "/identity/riskPrevention/webApplicationFirewallProviders": "least=DelegatedWork,Application" + "/identity/riskPrevention/fraudProtectionProviders": "least=DelegatedWork", + "/identity/riskPrevention/webApplicationFirewallProviders": "least=DelegatedWork" } }, { "schemeKeys": [ - "DelegatedWork", - "Application" + "DelegatedWork" ], "methods": [ "DELETE", @@ -42535,33 +42519,31 @@ "PATCH" ], "paths": { - "/identity/riskPrevention/fraudProtectionProviders/{id}": "least=DelegatedWork,Application", - "/identity/riskPrevention/webApplicationFirewallProviders/{id}": "least=DelegatedWork,Application" + "/identity/riskPrevention/fraudProtectionProviders/{id}": "least=DelegatedWork", + "/identity/riskPrevention/webApplicationFirewallProviders/{id}": "least=DelegatedWork" } }, { "schemeKeys": [ - "DelegatedWork", - "Application" + "DelegatedWork" ], "methods": [ "POST" ], "paths": { - "/identity/riskPrevention/webApplicationFirewallProviders/{id}/verify": "least=DelegatedWork,Application" + "/identity/riskPrevention/webApplicationFirewallProviders/{id}/verify": "least=DelegatedWork" } }, { "schemeKeys": [ - "DelegatedWork", - "Application" + "DelegatedWork" ], "methods": [ "DELETE", "GET" ], "paths": { - "/identity/riskPrevention/webApplicationFirewallVerifications/{id}": "least=DelegatedWork,Application" + "/identity/riskPrevention/webApplicationFirewallVerifications/{id}": "least=DelegatedWork" } } ], @@ -47970,7 +47952,7 @@ } ], "ownerInfo": { - "ownerSecurityGroup": "privacymanagementDSR" + "ownerSecurityGroup": "PrivacySolutionAdmin" } }, "SubjectRightsRequest.ReadWrite.All": { @@ -48030,7 +48012,7 @@ } ], "ownerInfo": { - "ownerSecurityGroup": "privacymanagementDSR" + "ownerSecurityGroup": "PrivacySolutionAdmin" } }, "Synchronization.Read.All": { @@ -53248,6 +53230,7 @@ "/teams/{id}/completemigration": "least=Application", "/users/{id}/teamwork/sections": "", "/users/{id}/teamwork/sections/{id}/items": "", + "/users/{id}/teamwork/sections/{id}/items/{id}/move": "", "/users/{id}/teamwork/sections/{id}/items/reorder": "", "/users/{id}/teamwork/sections/reorder": "" } @@ -54115,42 +54098,6 @@ "ownerSecurityGroup": "riskiq-dev" } }, - "ThreatSubmission.Read": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Read threat submissions", - "adminDescription": "Allows the app to read the threat submissions and threat submission policies owned by the signed-in user.", - "userDisplayName": "Read threat submissions", - "userDescription": "Allows the app to read the threat submissions and threat submission policies that you own on your behalf.", - "requiresAdminConsent": true, - "privilegeLevel": 2 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "GET" - ], - "paths": { - "/security/threatsubmission/emailthreats": "least=DelegatedWork", - "/security/threatsubmission/emailthreats/{id}": "least=DelegatedWork", - "/security/threatsubmission/emailthreatsubmissionpolicies": "least=DelegatedWork", - "/security/threatsubmission/emailthreatsubmissionpolicies/{id}": "least=DelegatedWork", - "/security/threatsubmission/filethreats": "least=DelegatedWork", - "/security/threatsubmission/filethreats/{id}": "least=DelegatedWork", - "/security/threatsubmission/urlthreats": "least=DelegatedWork", - "/security/threatsubmission/urlthreats/{id}": "least=DelegatedWork" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "IdentityReq" - } - }, "ThreatSubmission.Read.All": { "authorizationType": "oAuth2", "schemes": { @@ -54194,53 +54141,6 @@ "ownerSecurityGroup": "IdentityReq" } }, - "ThreatSubmission.ReadWrite": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Read and write threat submissions", - "adminDescription": "Allows the app to read the threat submissions and threat submission policies owned by the signed-in user. Also allows the app to create new threat submissions on behalf of the signed-in user.", - "userDisplayName": "Read and write threat submissions", - "userDescription": "Allows the app to read the threat submissions and threat submission policies that you own. Also allows the app to create new threat submissions on your behalf.", - "requiresAdminConsent": true, - "privilegeLevel": 2 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "GET" - ], - "paths": { - "/security/threatsubmission/emailthreats/{id}": "", - "/security/threatsubmission/emailthreatsubmissionpolicies": "", - "/security/threatsubmission/emailthreatsubmissionpolicies/{id}": "", - "/security/threatsubmission/filethreats/{id}": "", - "/security/threatsubmission/urlthreats/{id}": "" - } - }, - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "GET", - "POST" - ], - "paths": { - "/security/threatsubmission/emailthreats": "least=DelegatedWork", - "/security/threatsubmission/filethreats": "least=DelegatedWork", - "/security/threatsubmission/urlthreats": "least=DelegatedWork" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "IdentityReq" - } - }, "ThreatSubmission.ReadWrite.All": { "authorizationType": "oAuth2", "schemes": { diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index 5b07f54a..bff11657 100644 --- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -486,6 +486,24 @@ "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], + "AgentIdentityBlueprint.UpdateSponsors.All": [ + { + "id": "", + "scheme": "Application", + "environment": "PPE;public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + }, + { + "id": "", + "scheme": "DelegatedWork", + "environment": "PPE;public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } + ], "AgentIdentityBlueprintPrincipal.CreateAsManager": [ { "id": "c50c596a-6889-4460-acb1-3ed7c5fc142a", @@ -15783,7 +15801,7 @@ "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } ], - "TeamworkTargetedMessage.ReadWrite.All": [ + "TeamworkTargetedMessage.ReadWrite": [ { "id": "", "scheme": "Application", @@ -16112,7 +16130,7 @@ "id": "fd5353c6-26dd-449f-a565-c4e16b9fce78", "scheme": "DelegatedWork", "environment": "public", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "" } @@ -16140,7 +16158,7 @@ "id": "68a3156e-46c9-443c-b85c-921397f082b5", "scheme": "DelegatedWork", "environment": "public", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "" }