defaultUserRolePermissions resource type

Contains certain customizable permissions of default user role in Azure Active Directory (AD).

Properties

Property Type Description
allowedToCreateApps Boolean Indicates whether the default user role can create applications.
allowedToCreateSecurityGroups Boolean Indicates whether the default user role can create security groups.
allowedToReadOtherUsers Boolean Indicates whether the default user role can read other users.
permissionGrantPoliciesAssigned String collection Indicates if user consent to apps is allowed, and if it is, which permission to grant consent and which app consent policy (permissionGrantPolicy) govern the permission for users to grant consent. Value should be in the format managePermissionGrantsForSelf.{id}, where {id} is the id of a built-in or custom app consent policy. An empty list indicates user consent to apps is disabled.

Relationships

None.

JSON representation

The following is a JSON representation of the resource.

{
  "allowedToCreateApps": true,
  "allowedToCreateSecurityGroups": true,
  "allowedToReadOtherUsers": true,
  "permissionGrantPoliciesAssigned": ["String"]
}