ProgramControl.ReadWrite.All

Allows the app to read, update, delete and perform actions on programs and program controls that the signed-in user has access to in the organization.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the ProgramControl.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	60a901ed-09f7-4aa5-a16e-7dd3d6f9de36	50fd364f-9d93-4ae1-b170-300e87cccf84
DisplayText	Manage all programs	Manage all programs that user can access
Description	Allows the app to read, update, delete and perform actions on programs and program controls in the organization, without a signed-in user.	Allows the app to read, update, delete and perform actions on programs and program controls that the signed-in user has access to in the organization.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /programControls/{id}
	DELETE /programs/{id}
	GET /programControls
	GET /programControlTypes
	GET /programs
	GET /programs/{programId}/controls
	PATCH /programs/{programId}
	POST /programControls
	POST /programs

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaProgram
	Get-MgBetaProgramControl
	Get-MgBetaProgramControlType
	New-MgBetaProgram
	New-MgBetaProgramControl
	Remove-MgBetaProgram
	Remove-MgBetaProgramControl
	Update-MgBetaProgram

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: accessreviews-root

Graph reference: program

Property	Type	Description
id	String	The feature-assigned identifier of the program.
displayName	String	The name of the program. Required on create.
description	String	The description of the program.

Graph reference: programcontrol

Property	Type	Description
id	String	The feature-assigned identifier of the link between program and control.
programId	String	The programId of the program this control is a part of. Required on create.
controlId	String	The controlId of the control, in particular the identifier of an access review. Required on create.
controlTypeId	String	The programControlType identifies the type of program control - for example, a control linking to guest access reviews. Required on create.
displayName	String	The name of the control.
status	String	The life cycle status of the control.
createdDateTime	DateTimeOffset	The creation date and time of the program control.
owner	userIdentity	The user who created the program control.
resource	programResource	The resource, a group or an app, targeted by this program control's access review.

Graph reference: programcontroltype

Property	Type	Description
id	String	The feature-assigned identifier of the program control type
displayName	String	The name of the program control type

Table of Contents

ProgramControl.ReadWrite.All

Graph Methods

Resources