Policy.ReadWrite.Authorization
Allows the app to read and write your organization's authorization policy on behalf of the signed-in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
| | |
|---|---|
| Id | edd3c878-b384-41fd-95ad-e7407dd775be |
| Consent Type | Admin |
| Display String | Read and write your organization's authorization policy |
| Description | Allows the app to read and write your organization's authorization policy on behalf of the signed-in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. |
Application Permission
| | |
|---|---|
| Id | fb221be6-99f2-473f-bd32-01c6a0e9ca3b |
| Display String | Read and write your organization's authorization policy |
| Description | Allows the app to read and write your organization's authorization policy without a signed-in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. |
Resources
| Property | Type | Description |
|---|---|---|
| allowedToSignUpEmailBasedSubscriptions | Boolean | Indicates whether users can sign up for email-based subscriptions. |
| allowedToUseSSPR | Boolean | Indicates whether the Self-Serve Password Reset feature can be used by users on the tenant. |
| allowEmailVerifiedUsersToJoinOrganization | Boolean | Indicates whether a user can join the tenant by email validation. |
| allowInvitesFrom | allowInvitesFrom | Indicates who can invite external users to the organization. Possible values are: `none`, `adminsAndGuestInviters`, `adminsGuestInvitersAndAllMembers`, `everyone`. `everyone` is the default setting for all cloud environments except US Government. See more in the table below. |
| blockMsolPowerShell | Boolean | To disable the use of MSOL PowerShell, set this property to `true`. This will also disable user-based access to the legacy service endpoint used by MSOL PowerShell. This does not affect Azure AD Connect or Microsoft Graph. |
| defaultUserRolePermissions | defaultUserRolePermissions | Specifies certain customizable permissions for the default user role. |
| description | String | Description of this policy. |
| displayName | String | Display name for this policy. |
| guestUserRoleId | Guid | Represents the role templateId for the role that should be granted to guest users. Currently the following roles are supported: User (a0b1b346-4d3e-4e8b-98f8-753987be4970), Guest User (10dae51f-b6af-4016-8d66-8c2a99b929b3), and Restricted Guest User (2af84b1e-32c8-42b7-82bc-daa82404023b). |
| id | String | ID of the authorization policy. Required. Read-only. |
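
An added example (not from the original page or from Microsoft's documentation): a Python check that takes an authorization policy object with the properties listed above and reports the ones that fall outside a least-privilege baseline. The baseline values, the function names and the sample policy are assumptions constructed for this example; the nested defaultUserRolePermissions flags are the ones described in the table that follows.

```python
# Guest role templateIds as listed in the guestUserRoleId description above.
GUEST_ROLES = {
    "a0b1b346-4d3e-4e8b-98f8-753987be4970": "User",
    "10dae51f-b6af-4016-8d66-8c2a99b929b3": "Guest User",
    "2af84b1e-32c8-42b7-82bc-daa82404023b": "Restricted Guest User",
}
# Assumed least-privilege baseline (this example's choice): property -> accepted values.
BASELINE = {
    "allowInvitesFrom": {"none", "adminsAndGuestInviters"},
    "allowedToSignUpEmailBasedSubscriptions": {False},
    "allowEmailVerifiedUsersToJoinOrganization": {False},
    "blockMsolPowerShell": {True},
}
ROLE_BASELINE = {"allowedToCreateApps": {False}, "allowedToCreateSecurityGroups": {False}}
ROLE, CONSENT_PREFIX = "defaultUserRolePermissions.", "managePermissionGrantsForSelf."

def _check(obj, baseline, prefix=""):
    """Yield (property, message) for values that are absent or outside the baseline."""
    for name, accepted in baseline.items():
        if name not in obj:
            yield prefix + name, "not present in the object; cannot assess"
        elif obj[name] not in accepted:
            yield prefix + name, f"value {obj[name]!r} is outside the baseline"

def audit_policy(policy):
    """Return a list of (property, message) findings for one authorization policy."""
    role = policy.get("defaultUserRolePermissions") or {}
    findings = list(_check(policy, BASELINE)) + list(_check(role, ROLE_BASELINE, ROLE))
    guest = GUEST_ROLES.get(str(policy.get("guestUserRoleId")).lower())
    if guest is None:
        findings.append(("guestUserRoleId", "not one of the three listed roles"))
    elif guest == "User":
        findings.append(("guestUserRoleId", "guests are granted the User role"))
    for entry in role.get("permissionGrantPoliciesAssigned") or []:
        ok = entry.startswith(CONSENT_PREFIX) and len(entry) > len(CONSENT_PREFIX)
        msg = "user consent allowed under " if ok else "not in the documented format: "
        findings.append((ROLE + "permissionGrantPoliciesAssigned", msg + entry))
    return findings

# Constructed sample policy (not from a real tenant); the consent policy id is a placeholder.
SAMPLE = {
    "allowInvitesFrom": "everyone", "allowedToSignUpEmailBasedSubscriptions": True,
    "allowEmailVerifiedUsersToJoinOrganization": False, "blockMsolPowerShell": False,
    "guestUserRoleId": "a0b1b346-4d3e-4e8b-98f8-753987be4970",
    "defaultUserRolePermissions": {
        "allowedToCreateApps": True, "allowedToCreateSecurityGroups": False,
        "permissionGrantPoliciesAssigned": ["managePermissionGrantsForSelf.example-policy-id"]},
}
print(*(f"{p}: {m}" for p, m in audit_policy(SAMPLE)), sep="\n")
```
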
| Property | Type | Description |
|---|---|---|
| allowedToCreateApps | Boolean | Indicates whether the default user role can create applications. |
| allowedToCreateSecurityGroups | Boolean | Indicates whether the default user role can create security groups. |
| allowedToReadOtherUsers | Boolean | Indicates whether the default user role can read other users. |
| permissionGrantPoliciesAssigned | String collection | Indicates if user consent to apps is allowed, and if it is, which permission to grant consent and which app consent policy (permissionGrantPolicy) govern the permission for users to grant consent. Value should be in the format `managePermissionGrantsForSelf.{id}`, where `{id}` is the **i