Policy.Read.PermissionGrant
Allows the app to read policies related to consent and permission grants for applications, on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
|
|
Id |
414de6ea-2d92-462f-b120-6e2a809a6d01 |
Consent Type |
Admin |
Display String |
Read consent and permission grant policies |
Description |
Allows the app to read policies related to consent and permission grants for applications, on behalf of the signed-in user. |
Application Permission
|
|
Id |
9e640839-a198-48fb-8b9a-013fd6f6cbcd |
Display String |
Read consent and permission grant policies |
Description |
Allows the app to read policies related to consent and permission grants for applications, without a signed-in user. |
Resources
Property |
Type |
Description |
clientApplicationsFromVerifiedPublisherOnly |
Boolean |
Set to true to only match on client applications with a verified publisher. Set to false to match on any client app, even if it does not have a verified publisher. Default is false . |
clientApplicationIds |
String collection |
A list of appId values for the client applications to match with, or a list with the single value all to match any client application. Default is the single value all . |
clientApplicationPublisherIds |
String collection |
A list of Microsoft Partner Network (MPN) IDs for verified publishers of the client application, or a list with the single value all to match with client apps from any publisher. Default is the single value all . |
clientApplicationTenantIds |
String collection |
A list of Azure Active Directory tenant IDs in which the client application is registered, or a list with the single value all to match with client apps registered in any tenant. Default is the single value all . |
id |
String |
The unique identifier for the permission grant condition set. Key. Read-only. |
permissionClassification |
String |
The permission classification for the permission being granted, or all to match with any permission classification (including permissions which are not classified). Default is all . |
permissions |
String collection |
The list of id values for the specific permissions to match with, or a list with the single value all to match with any permission. The id of delegated permissions can be found in the oauth2PermissionScopes property of the API's servicePrincipal object. The id of application permissions can be found in the appRoles property of the API's servicePrincipal object. The id of resource-specific application permissions can be found in the resourceSpecificApplicationPermissions property of the API's servicePrincipal object. Default is the single value all . |
permissionType |
permissionType |
The permission type of the permission being granted. Possible values: application for application permissions (e.g. app roles), or delegated for delegated permissions. The value delegatedUserConsentable indicates delegated permissions which have not been configured by the API publisher to require admin consent—this value may be used in built-in permission grant policies, but cannot be used in custom permission grant policies. Required. |
resourceApplication |
String |
The **a |
Property |
Type |
Description |
displayName |
String |
The display name for the permission grant policy. |
description |
String |
The description for the permission grant policy. |
excludes |
permissionGrantConditionSet collection |
Condition sets which are excluded in this permission grant policy. Automatically expanded on GET . |
id |
String |
The unique identifier for the permission grant policy. The id prefix microsoft- is reserved for built-in permission grant policies, and may not be used in a custom permission grant policy. Only letters, numbers, hyphens (- ) and underscores (_ ) are allowed. Key. Not nullable. Required on create. Immutable. |
includes |
permissionGrantConditionSet collection |
Condition sets which are *i |