Hello Lars Peter!
Ideally the MS Graph API permissions determine the scope of access that an application or user has over user’s data. Indeed by design some permissions are more privileged than others, and some permissions are subsets of others. Microsoft Graph API permissions are hierarchical, with some permissions being more privileged than others. For example, the Directory.Read.All
permission is more privileged than the Directory.Read
permission because it grants access to all directories in the organization.
Given there are a myriad of endpoints exposed, I would advise that you refer to the documentation page that lists all of the permissions, descriptions and the resources they can access. You can find it here: https://docs.microsoft.com/en-us/graph/permissions-reference
You can also find a detailed documentation on the Microsoft Graph permissions relationships and dependencies, which explains how some permissions are subsets of others and which permissions require admin consent. You can find it here: https://docs.microsoft.com/en-us/graph/permissions-reference#permissions-dependencies-and-delegations
I hope this helps.