BusinessScenarioData.Read.OwnedBy
Allows the app to read all data associated with the business scenarios it owns. Data access will be attributed to the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
BusinessScenarioData.Read.OwnedBy
permission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReport
command. See How To: Run a quick OAuth app audit of your tenant
Category | Application | Delegated |
---|---|---|
Identifier | 6c0257fd-cffe-415b-8239-2d0d70fdaa9c | 25b265c4-5d34-4e44-952d-b567f6d3b96d |
DisplayText | Read data for all business scenarios this app creates or owns | Read all data for business scenarios this app creates or owns |
Description | Allows the app to read the data associated with the business scenarios it owns, without a signed-in user. | Allows the app to read all data associated with the business scenarios it owns. Data access will be attributed to the signed-in user. |
AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods |
---|
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods | |
---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
Commands |
---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
Commands | |
---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- businessScenario
- businessScenarioPlanReference
- businessScenarioTask
- businessScenarioTaskTargetBase
- group
- plannerPlan
Graph reference: businessScenario
Property | Type | Description |
---|---|---|
createdBy | identitySet | The identity of the user who created the scenario. |
createdDateTime | DateTimeOffset | The date and time when the scenario was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
displayName | String | Display name of the scenario. |
id | String | The unique identifier for the scenario. Inherited from entity. |
lastModifiedBy | identitySet | The identity of the user who last modified the scenario. |
lastModifiedDateTime | DateTimeOffset | The date and time when the scenario was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
ownerAppIds | String collection | Identifiers of applications that are authorized to work with this scenario. |
uniqueName | String | Unique name of the scenario. To avoid conflicts, the recommended value for the unique name is a reverse domain name format, owned by the author of the scenario. For example, a scenario authored by *C |
Graph reference: businessScenarioPlanReference
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the plannerPlan. Inherited from entity. Read-only. |
title | String | The title property of the **p |
Graph reference: businessScenarioTask
Property | Type | Description |
---|---|---|
activeChecklistItemCount | Int32 | Number of checklist items with value set to false , representing incomplete items. Inherited from plannerTask. |
appliedCategories | plannerAppliedCategories | The categories to which the task has been applied. For possible values, see plannerAppliedCategories. Inherited from plannerTask. |
assigneePriority | String | Hint used to order items of this type in a list view. For details about the supported format, see Using order hints in Planner. Inherited from plannerTask. |
assignments | plannerAssignments | The set of assignees the task is assigned to. Inherited from plannerTask. |
bucketId | String | Bucket ID to which the task belongs. Inherited from plannerTask. |
businessScenarioProperties | businessScenarioProperties | Scenario-specific properties of the task. externalObjectId and externalBucketId properties must be specified when creating a task. |
checklistItemCount | Int32 | Number of checklist items that are present on the task. Inherited from plannerTask. |
completedBy | identitySet | Identity of the user who completed the task. Inherited from plannerTask. Read-Only. |
completedDateTime | DateTimeOffset | Date and time at which the percentComplete of the task is set to 100 . The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Inherited from plannerTask. Read-only. |
conversationThreadId | String | Thread ID of the conversation on the task. This property contains the ID of the conversation thread object created in the group. Inherited from plannerTask. |
createdBy | identitySet | Identity of the user who created the task. Inherited from plannerTask. Read-Only. |
createdDateTime | DateTimeOffset | Date and time at which the task is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z Inherited from plannerTask. Read-only. |
creationSource | plannerTaskCreation | Contains information about the origin of the task. Inherited from plannerTask. |
dueDateTime | DateTimeOffset | Date and time at which the task is due. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Inherited from plannerTask. |
hasDescription | Boolean | True indicates that the details object of the task has a nonempty description; otherwise, false . Inherited from plannerTask. Read-only. |
id | String | The unique identifier for the task. Inherited from entity. Read-only. |
orderHint | String | Hint used to order items of this type in a list view. For details about the supported format, see Using order hints in Planner. Inherited from plannerTask. |
percentComplete | Int32 | Percentage of task completion. When set to 100 , the task is considered completed. Inherited from plannerTask. |
planId | String | Identifier of the plan to which the task belongs. Inherited from plannerTask. |
previewType | plannerPreviewType | This sets the type of preview that shows up on the task. Possible values are: automatic , noPreview , checklist , description , reference . Inherited from plannerTask. |
priority | Int32 | Priority of the task. Valid range of values is between 0 and 10 (inclusive), with increasing value being lower priority (0 has the highest priority and 10 has the lowest priority). Currently, Planner interprets values 0 and 1 as "urgent", 2 , 3 , and 4 as "important", 5 , 6 , and 7 as "medium", and 8 , 9 , and 10 as "low". Currently, Planner sets the value 1 for "urgent", 3 for "important", 5 for "medium", and 9 for "low". Inherited from plannerTask. |
referenceCount | Int32 | Number of external references that exist on the task. Inherited from plannerTask. |
startDateTime | DateTimeOffset | Date and time at which the task starts. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Inherited from plannerTask. |
target | businessScenarioTaskTargetBase | Target of the task that specifies where the task should be placed. Must be specified when creating a task. |
title | String | Title of the task. Inherited from plannerTask. |
Graph reference: businessScenarioTaskTargetBase
Property | Type | Description |
---|---|---|
taskTargetKind | plannerTaskTargetKind | Represents the kind of the target. The possible values are: group , unknownFutureValue . |
Graph reference: group
Property | Type | Description |
---|---|---|
allowExternalSenders | Boolean | Indicates if people external to the organization can send messages to the group. The default value is false . Returned only on $select . Supported only on the Get group API (GET /groups/{ID} ). |
assignedLabels | assignedLabel collection | The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select . This property can be updated only in delegated scenarios where the caller requires both the Microsoft Graph permission and a supported administrator role. |
assignedLicenses | assignedLicense collection | The licenses that are assigned to the group. Returned only on $select . Supports $filter (eq ).Read-only. |
autoSubscribeNewMembers | Boolean | Indicates if new members added to the group are autosubscribed to receive email notifications. You can set this property in a PATCH request for the group; don't set it in the initial POST request that creates the group. Default value is false . Returned only on $select . Supported only on the Get group API (GET /groups/{ID} ). |
classification | String | Describes a classification for the group (such as low, medium, or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition. Returned by default. Supports $filter (eq , ne , not , ge , le , startsWith ). |
createdDateTime | DateTimeOffset | Timestamp of when the group was created. The value can't be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z . Returned by default. Read-only. |
deletedDateTime | DateTimeOffset | For some Microsoft Entra objects (user, group, application), if the object is deleted, it's first logically deleted, and this property is updated with the date and time when the object was deleted. Otherwise this property is null . If the object is restored, this property is updated to null . Inherited from directoryObject. |
description | String | An optional description for the group. Returned by default. Supports $filter (eq , ne , not , ge , le , startsWith ) and $search . |
displayName | String | The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq , ne , not , ge , le , in , startsWith , and eq on null values), $search , and $orderby . |
expirationDateTime | DateTimeOffset | Timestamp of when the group is set to expire. It's null for security groups, but for Microsoft 365 groups, it represents when the group is set to expire as defined in the groupLifecyclePolicy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z . Returned by default. Supports $filter (eq , ne , not , ge , le , in ). Read-only. |
groupTypes | String collection | Specifies the group type and its membership. If the collection contains Unified , the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership , the group has dynamic membership; otherwise, membership is static. Returned by default. Supports $filter (eq , not ). |
hasMembersWithLicenseErrors | Boolean | Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq ). |
hideFromAddressLists | Boolean | True if the group isn't displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. The default value is false . Returned only on $select . Supported only on the Get group API (GET /groups/{ID} ). |
hideFromOutlookClients | Boolean | True if the group isn't displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. The default value is false . Returned only on $select . Supported only on the Get group API (GET /groups/{ID} ). |
id | String | The unique identifier for the group. Returned by default. Inherited from directoryObject. Key. Not nullable. Read-only. Supports $filter (eq , ne , not , in ). |
isArchived | Boolean | When a group is associated with a team, this property determines whether the team is in read-only mode. To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs. |
isAssignableToRole | Boolean | Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true , the securityEnabled property must also be set to true , visibility must be Hidden , and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership ). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignments Using this feature requires a Microsoft Entra ID P1 license. Returned by default. Supports $filter (eq , ne , not ). |
isSubscribedByMail | Boolean | Indicates whether the signed-in user is subscribed to receive email conversations. The default value is true . Returned only on $select . Supported only on the Get group API (GET /groups/{ID} ). |
licenseProcessingState | String | Indicates the status of the group license assignment to all group members. The default value is false . Read-only. Possible values: QueuedForProcessing , ProcessingInProgress , and ProcessingComplete .Returned only on $select . Read-only. |
String | The SMTP address for the group, for example, "[email protected]". Returned by default. Read-only. Supports $filter (eq , ne , not , ge , le , in , startsWith , and eq on null values). |
|
mailEnabled | Boolean | Specifies whether the group is mail-enabled. Required. Returned by default. Supports $filter (eq , ne , not ). |
mailNickname | String | The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () \ [] " ; : <> , SPACE . Required. Returned by default. Supports $filter (eq , ne , not , ge , le , in , startsWith , and eq on null values). |
membershipRule | String | The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership ). For more information about the syntax of the membership rule, see Membership Rules syntax. Returned by default. Supports $filter (eq , ne , not , ge , le , startsWith ). |
membershipRuleProcessingState | String | Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused . Returned by default. Supports $filter (eq , ne , not , in ). |
onPremisesDomainName | String | Contains the on-premises domain FQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect. Returned by default. Read-only. |
onPremisesLastSyncDateTime | DateTimeOffset | Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z . Returned by default. Read-only. Supports $filter (eq , ne , not , ge , le , in ). |
onPremisesNetBiosName | String | Contains the on-premises netBios name synchronized from the on-premises directory. The property is only populated for customers synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect. Returned by default. Read-only. |
onPremisesProvisioningErrors | onPremisesProvisioningError collection | Errors when using Microsoft synchronization product during provisioning. Returned by default. Supports $filter (eq , not ). |
onPremisesSamAccountName | String | Contains the on-premises SAM account name synchronized from the on-premises directory. The property is only populated for customers synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect. Returned by default. Supports $filter (eq , ne , not , ge , le , in , startsWith ). Read-only. |
onPremisesSecurityIdentifier | String | Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only. Returned by default. Supports $filter (eq including on null values). |
onPremisesSyncEnabled | Boolean | true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Returned by default. Read-only. Supports $filter (eq , ne , not , in , and eq on null values). |
preferredDataLocation | String | The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles:
For more information about this property, see OneDrive Online Multi-Geo. Nullable. Returned by default. |
preferredLanguage | String | The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US . Returned by default. Supports $filter (eq , ne , not , ge , le , in , startsWith , and eq on null values). |
proxyAddresses | String collection | Email addresses for the group that direct to the same group mailbox. For example: ["SMTP: [email protected]", "smtp: [email protected]"] . The any operator is required to filter expressions on multi-valued properties. Returned by default. Read-only. Not nullable. Supports $filter (eq , not , ge , le , startsWith , endsWith , /$count eq 0 , /$count ne 0 ). |
renewedDateTime | DateTimeOffset | Timestamp of when the group was last renewed. This value can't be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z . Returned by default. Supports $filter (eq , ne , not , ge , le , in ). Read-only. |
securityEnabled | Boolean | Specifies whether the group is a security group. Required. Returned by default. Supports $filter (eq , ne , not , in ). |
securityIdentifier | String | Security identifier of the group, used in Windows scenarios. Read-only. Returned by default. |
serviceProvisioningErrors | serviceProvisioningError collection | Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object. Supports $filter (eq , not , for isResolved and serviceInstance). |
theme | string | Specifies a Microsoft 365 group's color theme. Possible values are Teal , Purple , Green , Blue , Pink , Orange , or Red . Returned by default. |
uniqueName | String | The unique identifier that can be assigned to a group and used as an alternate key. Immutable. Read-only. |
unseenCount | Int32 | Count of conversations that received new posts since the signed-in user last visited the group. Returned only on $select . Supported only on the Get group API (GET /groups/{ID} ). |
visibility | String | Specifies the group join policy and group content visibility for groups. Possible values are: Private , Public , or HiddenMembership . HiddenMembership can be set only for Microsoft 365 groups when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation.If visibility value isn't specified during group creation on Microsoft Graph, a security group is created as Private by default, and the Microsoft 365 group is Public . Groups assignable to roles are always Private . To learn more, see group visibility options. Returned by default. Nullable. |
Graph reference: plannerPlan
Property | Type | Description |
---|---|---|
container | plannerPlanContainer | Identifies the container of the plan. Specify only the url, the containerId and type, or all properties. After it's set, this property can’t be updated. Required. |
createdBy | identitySet | Read-only. The user who created the plan. |
createdDateTime | DateTimeOffset | Read-only. Date and time at which the plan is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
id | String | Read-only. ID of the plan. It's 28 characters long and case-sensitive. Format validation is done on the service. |
owner (deprecated) | String | Use the container property instead. ID of the group that owns the plan. After it's set, this property can’t be updated. This property won't return a valid group ID if the container of the plan isn't a group. |
title | String | Required. Title of the plan. |