permissionScope resource type

Namespace: microsoft.graph

Represents the definition of a delegated permission.

Delegated permissions can be requested by client applications needing an access token to the API which defined the permissions. Delegated permissions can be requested dynamically, using the scopes parameter in an authorization request to the Microsoft identity platform, or statically, through the requiredResourceAccess collection on the application object.

Properties

Property Type Description
adminConsentDescription String A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users. This text appears in tenant-wide admin consent experiences.
adminConsentDisplayName String The permission's title, intended to be read by an administrator granting the permission on behalf of all users.
id Guid Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application.
isEnabled Boolean When creating or updating a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false. At that point, in a subsequent call, the permission may be removed.
type String The possible values are: User and Admin. Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether administrator consent should always be required. While Microsoft Graph defines the default consent requirement for each permission, the tenant administrator may override the behavior in their organization (by allowing, restricting, or limiting user consent to this delegated permission). For more information, see Configure how users consent to applications.
userConsentDescription String A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.
userConsentDisplayName String A title for the permission, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.
value String Specifies the value to include in the scp (scope) claim in access tokens. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ + _ ` { | } ~, as well as characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, is not allowed. May not begin with a period (.).

JSON representation

Here is a JSON representation of the resource:

{
  "id": "Guid",
  "adminConsentDisplayName": "String",
  "adminConsentDescription": "String",
  "userConsentDisplayName": "String",
  "userConsentDescription": "String",
  "value": "String",
  "type": "String",
  "isEnabled": true
}
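
The following is an added example, not code from Microsoft Graph or its SDKs: a small linter that applies the rules stated in the properties table to a collection of permissionScope objects before they are sent to the API. The function names (check_value, lint_scopes, unsafe_removals) are hypothetical and the sample scopes are constructed.

```python
import string
import uuid

# Punctuation exactly as listed in the "value" row, plus 0-9, A-Z and a-z.
ALLOWED = set(":!#$%&'()*+,-./:;<=>?@[]^+_`{|}~") | set(string.ascii_letters + string.digits)
MAX_VALUE_LEN = 120
CONSENT_TYPES = {"User", "Admin"}

def check_value(value):
    """Return the problems found in a scope value (empty list means none)."""
    problems = []
    if len(value) > MAX_VALUE_LEN:
        problems.append(f"value is {len(value)} characters; limit is {MAX_VALUE_LEN}")
    if value.startswith("."):
        problems.append("value begins with '.'")
    bad = sorted({c for c in value if c not in ALLOWED})
    if bad:
        problems.append(f"value contains disallowed characters: {bad!r}")
    return problems

def lint_scopes(scopes):
    """Lint a collection of permissionScope dicts; returns {index: [problems]}."""
    findings, seen = {}, set()
    for i, scope in enumerate(scopes):
        problems = check_value(scope.get("value", ""))
        if scope.get("type") not in CONSENT_TYPES:
            problems.append(f"type must be User or Admin, got {scope.get('type')!r}")
        sid = str(scope.get("id", "")).lower()
        try:
            uuid.UUID(sid)
        except ValueError:
            problems.append("id is not a GUID")
        if sid in seen:
            problems.append("id is not unique within the collection")
        seen.add(sid)
        if problems:
            findings[i] = problems
    return findings

def unsafe_removals(current, proposed):
    """ids dropped from the collection while isEnabled is still true (the default)."""
    keep = {str(s["id"]).lower() for s in proposed}
    return [str(s["id"]).lower() for s in current
            if s.get("isEnabled", True) and str(s["id"]).lower() not in keep]

SAMPLE = [  # constructed scopes, not real permissions
    {"id": "11111111-1111-1111-1111-111111111111", "value": "Files.Read", "type": "User", "isEnabled": True},
    {"id": "22222222-2222-2222-2222-222222222222", "value": "files read", "type": "Admin", "isEnabled": True},
    {"id": "11111111-1111-1111-1111-111111111111", "value": ".hidden", "type": "Everyone", "isEnabled": False},
]
```

The double quote and the backslash are the two printable ASCII characters missing from the allowed list, so check_value rejects them along with the space character.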