forked from microsoftgraph/microsoft-graph-explorer
scopes.ts
import { PermissionScope } from "./base";
/**
 * Static list of the permission scopes this application knows about.
 *
 * Every entry is a plain record with:
 * - `name`: the scope identifier string (for example "Mail.Read").
 * - `description`: a short label; empty for some entries.
 * - `longDescription`: a sentence-level explanation of what the scope allows.
 * - `preview` and `admin`: boolean flags.
 *
 * NOTE(review): `admin` presumably marks scopes that need administrator
 * consent and `preview` scopes that are still in preview. Confirm both against
 * the `PermissionScope` declaration in ./base and the code that reads this list.
 *
 * The array holds only strings and booleans, so it describes scopes and does
 * not grant or restrict anything by itself. Entries with `admin: false` come
 * first; every entry from "Directory.AccessAsUser.All" to the end sets
 * `admin: true`.
 *
 * The "(preview)" suffix in `description` and the `preview` flag are separate
 * values and disagree for some entries (for example "openid" and
 * "Sites.Read.All"), so read the flag, not the label.
 */
export const PermissionScopes: PermissionScope[] = [
{
name: "Calendars.Read",
description: "Read user calendars",
longDescription: "Allows the app to read events in user calendars.",
preview: false,
admin: false,
},
{
name: "Calendars.Read.Shared",
description: "Read user and shared calendars",
longDescription: "Allows the app to read events in all calendars that the user can access, including delegate and shared calendars.",
preview: false,
admin: false,
},
{
name: "Calendars.ReadWrite",
description: "Have full access to user calendars",
longDescription: "Allows the app to create, read, update, and delete events in user calendars.",
preview: false,
admin: false,
},
{
name: "Calendars.ReadWrite.Shared",
description: "Read and write user and shared calendars",
longDescription: "Allows the app to create, read, update and delete events in all calendars the user has permissions to access. This includes delegate and shared calendars.",
preview: false,
admin: false,
},
{
name: "Contacts.Read",
description: "Read user contacts",
longDescription: "Allows the app to read user contacts.",
preview: false,
admin: false,
},
{
name: "Contacts.Read.Shared",
description: "Read user and shared contacts",
longDescription: "Allows the app to read contacts that the user has permissions to access, including the user's own and shared contacts.",
preview: false,
admin: false,
},
{
name: "Contacts.ReadWrite",
description: "Have full access to user contacts",
longDescription: "Allows the app to create, read, update, and delete user contacts.",
preview: false,
admin: false,
},
{
name: "Contacts.ReadWrite.Shared",
description: "Read and write user and shared contacts",
longDescription: "Allows the app to create, read, update and delete contacts that the user has permissions to, including the user's own and shared contacts.",
preview: false,
admin: false,
},
{
name: "Files.Read",
description: "Read user files and files shared with user",
longDescription: "Allows the app to read the signed-in user's files and files shared with the user.",
preview: false,
admin: false,
},
{
name: "Files.Read.All",
description: "Read all files that user can access",
longDescription: "Allows the app to read all files the signed-in user can access.",
preview: false,
admin: false,
},
{
name: "Files.Read.Selected",
description: "Read files that the user selects",
longDescription: "Allows the app to read files that the user selects. The app has access for several hours after the user selects a file.",
preview: false,
admin: false,
},
{
name: "Files.ReadWrite",
description: "Have full access to user files and files shared with user",
longDescription: "Allows the app to read, create, update and delete the signed-in user's files and files shared with the user.",
preview: false,
admin: false,
},
{
name: "Files.ReadWrite.All",
description: "Have full access to all files user can access",
longDescription: "Allows the app to read, create, update and delete all files the signed-in user can access.",
preview: false,
admin: false,
},
{
name: "Files.ReadWrite.AppFolder",
description: "Have full access to the application's folder",
longDescription: "Allows the app to read, create, update and delete files in the application's folder.",
preview: false,
admin: false,
},
{
name: "Files.ReadWrite.Selected",
description: "Read and write files that the user selects",
longDescription: "Allows the app to read and write files that the user selects. The app has access for several hours after the user selects a file.",
preview: false,
admin: false,
},
{
name: "Mail.Read",
description: "Read user mail",
longDescription: "Allows the app to read email in user mailboxes.",
preview: false,
admin: false,
},
{
name: "Mail.Read.Shared",
description: "Read user and shared mail",
longDescription: "Allows the app to read mail that the user can access, including the user's own and shared mail.",
preview: false,
admin: false,
},
{
name: "Mail.ReadWrite",
description: "Read and write access to user mail",
longDescription: "Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail.",
preview: false,
admin: false,
},
{
name: "Mail.ReadWrite.Shared",
description: "Read and write user and shared mail",
longDescription: "Allows the app to create, read, update, and delete mail that the user has permission to access, including the user's own and shared mail. Does not include permission to send mail.",
preview: false,
admin: false,
},
{
name: "Mail.Send",
description: "Send mail as a user",
longDescription: "Allows the app to send mail as users in the organization.",
preview: false,
admin: false,
},
{
name: "Mail.Send.Shared",
description: "Send mail on behalf of others",
longDescription: "Allows the app to send mail as the signed-in user, including sending on-behalf of others.",
preview: false,
admin: false,
},
{
name: "MailboxSettings.ReadWrite",
description: "Read and write user mailbox settings",
longDescription: "Allows the app to create, read, update, and delete user's mailbox settings. Does not include permission to send mail.",
preview: false,
admin: false,
},
{
// NOTE(review): the description carries "(preview)" while preview is false;
// confirm which of the two is intended.
name: "openid",
description: "Sign users in (preview)",
longDescription: "Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.",
preview: false,
admin: false,
},
{
name: "User.Read",
description: "Sign-in and read user profile",
longDescription: "Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. The full profile includes all of the declared properties of the User entity. The app cannot read navigation properties, such as manager or direct reports. Also allows the app to read the following basic company information of the signed-in user (through the TenantDetail object): tenant ID, tenant display name, and verified domains.",
preview: false,
admin: false,
},
{
name: "User.ReadWrite",
description: "Read and write access to user profile",
longDescription: "Allows the app to read your profile. It also allows the app to update your profile information on your behalf.",
preview: false,
admin: false,
},
{
name: "User.ReadBasic.All",
description: "Read all user's basic profiles",
longDescription: "Allows the app to read the basic profile of all users in the organization on behalf of the signed-in user. The following properties comprise a user’s basic profile: display name, first and last name, photo, and email address. To read the groups that a user is a member of, the app will also require Group.Read.All or Group.ReadWrite.All.",
preview: false,
admin: false,
},
{
name: "Notes.Create",
description: "Create pages in users' notebooks (preview)",
longDescription: "Allows the app to read the titles of notebooks and sections and create new pages, notebooks and sections on behalf of the signed-in user.",
preview: true,
admin: false,
},
{
name: "Notes.Read",
description: "Read user notebooks (preview)",
longDescription: "Allows the app to view the titles of OneNote notebooks and sections and to read all pages on behalf of the signed-in user. It cannot view password protected sections.",
preview: true,
admin: false,
},
{
name: "Notes.Read.All",
description: "Read all notebooks that the user can access (preview)",
longDescription: "Allows the app to read the contents of all notebooks and sections that the signed-in user can access. It cannot read password protected sections.",
preview: true,
admin: false,
},
{
name: "Notes.ReadWrite",
description: "Read and write user notebooks (preview)",
longDescription: "Allows the app to read the titles of notebooks and sections, read all pages, write all pages and create new pages on behalf of the signed-in user. It cannot access password protected sections.",
preview: true,
admin: false,
},
{
name: "Notes.ReadWrite.All",
description: "Read and write notebooks that the user can access (preview)",
longDescription: "Allows the app to read and write the contents of all notebooks and sections that the signed-in user can access. It cannot access password protected sections.",
preview: true,
admin: false,
},
{
name: "Notes.ReadWrite.CreatedByApp",
description: "Limited notebook access (preview)",
longDescription: "Allows the app to read the titles of notebooks and sections, create new pages on behalf of the signed-in user. Also allows the app to read and update pages created by the app.",
preview: true,
admin: false,
},
{
name: "People.Read",
description: "Read all users' relevant people lists and search your directory",
longDescription: "Allows the app to read a scored list of relevant people of the signed-in user. The list includes local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype).",
preview: false,
admin: false,
},
{
// preview is true here although the description has no "(preview)" suffix;
// the same holds for Sites.ReadWrite.All and several Tasks.* entries below.
name: "Sites.Read.All",
description: "Read items in all site collections",
longDescription: "Allows the application to read documents and list items in all site collections on behalf of the signed-in user.",
preview: true,
admin: false,
},
{
name: "Sites.ReadWrite.All",
description: "Read and write items in all site collections",
longDescription: "Allows the application to edit or delete documents and list items in all site collections on behalf of the signed-in user.",
preview: true,
admin: false,
},
{
name: "Tasks.Read",
description: "Read user tasks",
longDescription: "Allows the app to read user tasks.",
preview: true,
admin: false,
},
{
name: "Tasks.Read.Shared",
description: "Read user and shared tasks",
longDescription: "Allows the app to read tasks a user has permissions to access, including their own and shared tasks.",
preview: true,
admin: false,
},
{
name: "Tasks.ReadWrite",
description: "Create, read, update and delete user tasks and plans (preview)",
longDescription: "Allows the app to create, read, update and delete tasks and plans (and tasks in them), that are assigned to or shared with the signed-in user.",
preview: true,
admin: false,
},
{
name: "Tasks.ReadWrite.Shared",
description: "Read and write user and shared tasks",
longDescription: "Allows the app to create, read, update, and delete tasks a user has permissions to, including their own and shared tasks.",
preview: true,
admin: false,
},
{
// NOTE(review): description and longDescription are empty, so this list does
// not say what the scope allows; fill them in before the entry is used for
// any consent or permission review.
name: "Device.Read",
preview: true,
admin: false,
description: "",
longDescription: "",
},
{
// NOTE(review): description and longDescription are empty here as well; the
// name suggests a command capability, but nothing in this file states it.
name: "Device.Command",
preview: true,
admin: false,
description: "",
longDescription: "",
},
{
// First entry with admin: true; every entry from here to the end of the
// array sets admin: true.
name: "Directory.AccessAsUser.All",
description: "Access directory as the signed-in user",
longDescription: "Allows the app to have the same access to information in the directory as the signed-in user.",
preview: false,
admin: true,
},
{
name: "Directory.Read.All",
description: "Read directory data",
longDescription: "Allows the app to read data in your organization's directory, such as users, groups and apps.",
preview: false,
admin: true,
},
{
// The longDescription states the deletion limit twice in different words;
// only the second sentence mentions password resets.
name: "Directory.ReadWrite.All",
description: "Read and write directory data",
longDescription: "Allows the app to read and write data in your organization's directory, such as users, and groups. Does not allow user or group deletion. It does not allow the app to delete users or groups, or reset user passwords.",
preview: false,
admin: true,
},
{
name: "Group.Read.All",
description: "Read all groups",
longDescription: "Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.",
preview: false,
admin: true,
},
{
name: "Group.ReadWrite.All",
description: "Read and write all groups",
longDescription: "Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Additionally allows group owners to manage their groups and allows group members to update group content.",
preview: false,
admin: true,
},
{
name: "User.Read.All",
description: "Read all user's full profiles",
longDescription: "Same as User.ReadBasic.All, except that it allows the app to read the full profile of all users in the organization and when reading navigation properties like manager and direct reports. The full profile includes all of the declared properties of the User entity. To read the groups that a user is a member of, the app will also require either Group.Read.All or Group.ReadWrite.All.",
preview: false,
admin: true,
},
{
name: "User.ReadWrite.All",
description: "Read and write all user's full profiles",
longDescription: "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.",
preview: false,
admin: true,
},
{
name: "People.Read.All",
description: "Read all users' relevant people lists and search the directory",
longDescription: "Allows the app to read a scored list of relevant people of the signed-in user or other users in the signed-in user's organization. The list can include local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype).",
preview: false,
admin: true,
},
{
name: "IdentityRiskEvent.Read.All",
description: "Read identity risk event information (preview)",
longDescription: "Allows the app to read identity risk event information for all users in your organization on behalf of the signed-in user.",
preview: true,
admin: true,
},
{
name: "DeviceManagementServiceConfig.Read.All",
description: "Read Microsoft Intune configuration (preview)",
longDescription: "Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration.",
preview: true,
admin: true,
},
{
name: "DeviceManagementServiceConfig.ReadWrite.All",
description: "Read and write Microsoft Intune configuration (preview)",
longDescription: "Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration.",
preview: true,
admin: true,
},
{
name: "DeviceManagementConfiguration.Read.All",
description: "Read Microsoft Intune device configuration and policies (preview)",
longDescription: "Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.",
preview: true,
admin: true,
},
{
name: "DeviceManagementConfiguration.ReadWrite.All",
description: "Read and write Microsoft Intune device configuration and policies (preview)",
longDescription: "Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.",
preview: true,
admin: true,
},
{
name: "DeviceManagementApps.Read.All",
description: "Read Microsoft Intune apps (preview)",
longDescription: "Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune.",
preview: true,
admin: true,
},
{
name: "DeviceManagementApps.ReadWrite.All",
description: "Read and write Microsoft Intune apps (preview)",
longDescription: "Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune.",
preview: true,
admin: true,
},
{
name: "DeviceManagementRBAC.Read.All",
description: "Read Microsoft Intune RBAC settings (preview)",
longDescription: "Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.",
preview: true,
admin: true,
},
{
name: "DeviceManagementRBAC.ReadWrite.All",
description: "Read and write Microsoft Intune RBAC settings (preview)",
longDescription: "Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.",
preview: true,
admin: true,
},
{
name: "DeviceManagementManagedDevices.Read.All",
description: "Read Microsoft Intune devices (preview)",
longDescription: "Allows the app to read the properties of devices managed by Microsoft Intune.",
preview: true,
admin: true,
},
{
name: "DeviceManagementManagedDevices.ReadWrite.All",
description: "Read and write Microsoft Intune devices (preview)",
longDescription: "Allows the app to read and write the properties of devices managed by Microsoft Intune. Does not allow high impact operations such as remote wipe and password reset on the device’s owner.",
preview: true,
admin: true,
},
{
// Per its longDescription this scope covers device wipe and passcode reset,
// which the ReadWrite scope above explicitly excludes; it is the
// highest-impact device entry in this list.
name: "DeviceManagementManagedDevices.PrivilegedOperations.All",
description: "Perform user-impacting remote actions on Microsoft Intune devices (preview)",
longDescription: "Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.",
preview: true,
admin: true
},
{
// NOTE(review): the longDescription says "without a signed-in user", whereas
// many other entries describe access on behalf of the signed-in user;
// confirm this scope is meant to sit in the same list.
name: "Reports.Read.All",
description: "Read all usage reports",
longDescription: "Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory.",
preview: true,
admin: true
}
]