permissionScope resource type
Namespace: microsoft.graph
Represents the definition of a delegated permission.
Delegated permissions can be requested by client applications needing an access token to the API that defined the permissions. Delegated permissions can be requested dynamically, using the scopes parameter in an authorization request to the Microsoft identity platform, or statically, through the requiredResourceAccess collection on the application object.
Properties
| Property | Type | Description |
|---|---|---|
| adminConsentDescription | String | A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users. This text appears in tenant-wide admin consent experiences. |
| adminConsentDisplayName | String | The permission's title, intended to be read by an administrator granting the permission on behalf of all users. |
| id | Guid | Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application. |
| isEnabled | Boolean | When you create or update a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false. At that point, in a subsequent call, the permission may be removed. |
| type | String | The possible values are: User and Admin. Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator consent should always be required. While Microsoft Graph defines the default consent requirement for each permission, the tenant administrator may override the behavior in their organization (by allowing, restricting, or limiting user consent to this delegated permission). For more information, see Configure how users consent to applications. |
| userConsentDescription | String | A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves. |
| userConsentDisplayName | String | A title for the permission, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves. |
| value | String | Specifies the value to include in the scp (scope) claim in access tokens. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ + _ ` { | } ~, and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with .. |
JSON representation
The following JSON representation shows the resource type.
{
"id": "Guid",
"adminConsentDisplayName": "String",
"adminConsentDescription": "String",
"userConsentDisplayName": "String",
"userConsentDescription": "String",
"value": "String",
"type": "String",
"isEnabled": true
}