You cant scope those perms to specific objects so you have to read all to view the entire directory.
Why is Directory/Group/User.Read.All permission needed for User provisioning?
johan persson
0
Reputation points
Hi! When adding specific users and groups to an app related to user provisioning for an external application, and only those specific users are relevant, why is any XYZ.Read.All permission needed? Only the specifically added users and groups are relevant and not users of the full directory/tenant. Is there any way to avoid adding these permissions? BR /Johan