CustomSecAttributeProvisioning.ReadWrite.All

Allows the app to read and edit the provisioning configuration of all active custom security attributes on behalf of a signed in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the CustomSecAttributeProvisioning.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	1db69e9c-8d0a-498d-a5df-11fd0b68ceab	1140d9e4-6776-433e-a9e4-b9831adbb2e0
DisplayText	Read and edit the provisioning configuration of all active custom security attributes	Read and edit the provisioning configuration of all active custom security attributes
Description	Allows the app to read and edit the provisioning configuration of all active custom security attributes without a signed-in user.	Allows the app to read and edit the provisioning configuration of all active custom security attributes on behalf of a signed in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /applications/{id}/synchronization/templates/{templateId}/schema
	DELETE /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema
	GET /applications/{id}/synchronization/templates/{templateId}/schema
	GET /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema
	GET /servicePrincipals/{id}/synchronization/templates/{templateId}/schema
	PUT /applications/{id}/synchronization/templates/{templateId}/schema
	PUT /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /applications/{id}/synchronization/templates/{templateId}/schema
	DELETE /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema
	GET /applications/{id}/synchronization/templates/{templateId}/schema
	GET /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema
	GET /servicePrincipals/{id}/synchronization/templates/{templateId}/schema
	PUT /applications/{id}/synchronization/templates/{templateId}/schema
	PUT /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgServicePrincipalSynchronizationJobSchema
	Remove-MgApplicationSynchronizationTemplateSchema
	Remove-MgServicePrincipalSynchronizationJobSchema
	Update-MgServicePrincipalSynchronizationJobSchema

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaServicePrincipalSynchronizationJobSchema
	Remove-MgBetaApplicationSynchronizationTemplateSchema
	Remove-MgBetaServicePrincipalSynchronizationJobSchema
	Update-MgBetaServicePrincipalSynchronizationJobSchema

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

synchronizationSchema

Graph reference: synchronizationSchema

Property	Type	Description
id	String	Unique identifier for the schema.
synchronizationRules	synchronizationRule collection	A collection of synchronization rules configured for the synchronizationJob or synchronizationTemplate.
version	String	The version of the schema, updated automatically with every schema change.

Table of Contents

CustomSecAttributeProvisioning.ReadWrite.All

Graph Methods

Resources