SharePoint Embedded Administrator 1a7d78b6-429f-476b-b8eb-35fb715fffd4 Microsoft Entra Id

SharePoint Embedded Administrator - 1a7d78b6-429f-476b-b8eb-35fb715fffd4
Entra Id Role definition

{

id: "1a7d78b6-429f-476b-b8eb-35fb715fffd4",
displayName: "SharePoint Embedded Administrator",
description: "Manage all aspects of SharePoint Embedded containers.",
richDescription: "Assign the SharePoint Embedded Administrator role to users who need to do the following tasks: * Perform all tasks using PowerShell, Microsoft Graph API, or SharePoint admin center * Manage, configure, and maintain SharePoint Embedded containers * Enumerate and manage SharePoint Embedded containers * Enumerate and manage permissions for SharePoint Embedded containers * Manage storage of SharePoint Embedded containers in a tenant * Assign security and compliance policies on SharePoint Embedded containers * Apply security and compliance policies on SharePoint Embedded containers in a tenant",
privileged: false,
categories: "collaboration",
permissionsTotal: 60,
operationActionsCount: 60,
permissionsDirect: 6,
permissionsInherited: true,
permissionsInheritedCount: 54,
permissionsDirectAndInheritedCount: 0,
permissionsDirectAndInherited: null,
permissionsInheritedFrom: [1 item
- {2 items
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
  - displayName: "Directory Readers"
  }
],
permissionsInheritedToCount: 0,
permissionsInheritedTo: null,
permissionsConditionedCount: 0,
permissionsUnConditionedCount: 60,
permissionConditioned: [],
permissionsPrivileged: 0,
permissionsNamespacesCount: 7,
permissionsNamespaces: [7 items
- {1 item
  - microsoft.directory: 54
  },
- {1 item
  - microsoft.office365.fileStorageContainers: 1
  },
- {1 item
  - microsoft.office365.network: 1
  },
- {1 item
  - microsoft.office365.serviceHealth: 1
  },
- {1 item
  - microsoft.office365.supportTickets: 1
  },
- {1 item
  - microsoft.office365.usageReports: 1
  },
- {1 item
  - microsoft.office365.webPortal: 1
  }
],
permissionActionsCount: 2,
permissionActions: [2 items
- {1 item
  - allTasks: 3
  },
- {1 item
  - read: 57
  }
],
permissionVerbsCount: 2,
permissionVerbs: [2 items
- {1 item
  - GET: 57
  },
- {1 item
  - n/a: 3
  }
],
permissionsConsentPolicyAppliesCount: 0,
permissionsConsentPolicies: null,
permissions: [60 items
- {1 item
  - microsoft.directory/administrativeUnits/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read members of administrative units",
      - id: "microsoft.directory-administrativeUnits-members-read-get",
      - name: "microsoft.directory/administrativeUnits/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/administrativeUnits/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on administrative units",
      - id: "microsoft.directory-administrativeUnits-standard-read-get",
      - name: "microsoft.directory/administrativeUnits/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applicationPolicies/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of application policies",
      - id: "microsoft.directory-applicationPolicies-standard-read-get",
      - name: "microsoft.directory/applicationPolicies/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of applications",
      - id: "microsoft.directory-applications-owners-read-get",
      - name: "microsoft.directory/applications/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/policies/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read policies of applications",
      - id: "microsoft.directory-applications-policies-read-get",
      - name: "microsoft.directory/applications/policies/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/applications/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of applications",
      - id: "microsoft.directory-applications-standard-read-get",
      - name: "microsoft.directory/applications/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contacts/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group membership for all contacts in Microsoft Entra ID",
      - id: "microsoft.directory-contacts-memberOf-read-get",
      - name: "microsoft.directory/contacts/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contacts/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on contacts in Microsoft Entra ID",
      - id: "microsoft.directory-contacts-standard-read-get",
      - name: "microsoft.directory/contacts/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/contracts/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on partner contracts",
      - id: "microsoft.directory-contracts-standard-read-get",
      - name: "microsoft.directory/contracts/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read device memberships",
      - id: "microsoft.directory-devices-memberOf-read-get",
      - name: "microsoft.directory/devices/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/registeredOwners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered owners of devices",
      - id: "microsoft.directory-devices-registeredOwners-read-get",
      - name: "microsoft.directory/devices/registeredOwners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/registeredUsers/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered users of devices",
      - id: "microsoft.directory-devices-registeredUsers-read-get",
      - name: "microsoft.directory/devices/registeredUsers/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/devices/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on devices",
      - id: "microsoft.directory-devices-standard-read-get",
      - name: "microsoft.directory/devices/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/eligibleMembers/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the eligible members of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-eligibleMembers-read-get",
      - name: "microsoft.directory/directoryRoles/eligibleMembers/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all members of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-members-read-get",
      - name: "microsoft.directory/directoryRoles/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/directoryRoles/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of Microsoft Entra roles",
      - id: "microsoft.directory-directoryRoles-standard-read-get",
      - name: "microsoft.directory/directoryRoles/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/domains/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on domains",
      - id: "microsoft.directory-domains-standard-read-get",
      - name: "microsoft.directory/domains/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read application role assignments of groups",
      - id: "microsoft.directory-groups-appRoleAssignments-read-get",
      - name: "microsoft.directory/groups/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the memberOf property on Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-memberOf-read-get",
      - name: "microsoft.directory/groups/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/members/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read members of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-members-read-get",
      - name: "microsoft.directory/groups/members/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-owners-read-get",
      - name: "microsoft.directory/groups/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/settings/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read settings of groups",
      - id: "microsoft.directory-groups-settings-read-get",
      - name: "microsoft.directory/groups/settings/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groups/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read standard properties of Security groups and Microsoft 365 groups, including role-assignable groups",
      - id: "microsoft.directory-groups-standard-read-get",
      - name: "microsoft.directory/groups/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groupSettings/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on group settings",
      - id: "microsoft.directory-groupSettings-standard-read-get",
      - name: "microsoft.directory/groupSettings/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/groupSettingTemplates/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on group setting templates",
      - id: "microsoft.directory-groupSettingTemplates-standard-read-get",
      - name: "microsoft.directory/groupSettingTemplates/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/oAuth2PermissionGrants/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on OAuth 2.0 permission grants",
      - id: "microsoft.directory-oAuth2PermissionGrants-standard-read-get",
      - name: "microsoft.directory/oAuth2PermissionGrants/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on an organization",
      - id: "microsoft.directory-organization-standard-read-get",
      - name: "microsoft.directory/organization/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/organization/trustedCAsForPasswordlessAuth/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read trusted certificate authorities for passwordless authentication",
      - id: "microsoft.directory-organization-trustedCAsForPasswordlessAuth-read-get",
      - name: "microsoft.directory/organization/trustedCAsForPasswordlessAuth/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/roleAssignments/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on role assignments",
      - id: "microsoft.directory-roleAssignments-standard-read-get",
      - name: "microsoft.directory/roleAssignments/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/roleDefinitions/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on role definitions",
      - id: "microsoft.directory-roleDefinitions-standard-read-get",
      - name: "microsoft.directory/roleDefinitions/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignedTo/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read service principal role assignments",
      - id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-read-get",
      - name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read role assignments assigned to service principals",
      - id: "microsoft.directory-servicePrincipals-appRoleAssignments-read-get",
      - name: "microsoft.directory/servicePrincipals/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group memberships on service principals",
      - id: "microsoft.directory-servicePrincipals-memberOf-read-get",
      - name: "microsoft.directory/servicePrincipals/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read delegated permission grants on service principals",
      - id: "microsoft.directory-servicePrincipals-oAuth2PermissionGrants-read-get",
      - name: "microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/ownedObjects/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned objects of service principals",
      - id: "microsoft.directory-servicePrincipals-ownedObjects-read-get",
      - name: "microsoft.directory/servicePrincipals/ownedObjects/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/owners/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owners of service principals",
      - id: "microsoft.directory-servicePrincipals-owners-read-get",
      - name: "microsoft.directory/servicePrincipals/owners/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/policies/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read policies of service principals",
      - id: "microsoft.directory-servicePrincipals-policies-read-get",
      - name: "microsoft.directory/servicePrincipals/policies/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/servicePrincipals/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties of service principals",
      - id: "microsoft.directory-servicePrincipals-standard-read-get",
      - name: "microsoft.directory/servicePrincipals/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/subscribedSkus/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on subscriptions",
      - id: "microsoft.directory-subscribedSkus-standard-read-get",
      - name: "microsoft.directory/subscribedSkus/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/appRoleAssignments/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read application role assignments for users",
      - id: "microsoft.directory-users-appRoleAssignments-read-get",
      - name: "microsoft.directory/users/appRoleAssignments/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/deviceForResourceAccount/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read deviceForResourceAccount of users",
      - id: "microsoft.directory-users-deviceForResourceAccount-read-get",
      - name: "microsoft.directory/users/deviceForResourceAccount/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/directReports/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the direct reports for users",
      - id: "microsoft.directory-users-directReports-read-get",
      - name: "microsoft.directory/users/directReports/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/invitedBy/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the user that invited an external user to a tenant",
      - id: "microsoft.directory-users-invitedBy-read-get",
      - name: "microsoft.directory/users/invitedBy/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/licenseDetails/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read license details of users",
      - id: "microsoft.directory-users-licenseDetails-read-get",
      - name: "microsoft.directory/users/licenseDetails/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/manager/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read manager of users",
      - id: "microsoft.directory-users-manager-read-get",
      - name: "microsoft.directory/users/manager/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/memberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read the group memberships of users",
      - id: "microsoft.directory-users-memberOf-read-get",
      - name: "microsoft.directory/users/memberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/oAuth2PermissionGrants/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read delegated permission grants on users",
      - id: "microsoft.directory-users-oAuth2PermissionGrants-read-get",
      - name: "microsoft.directory/users/oAuth2PermissionGrants/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/ownedDevices/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned devices of users",
      - id: "microsoft.directory-users-ownedDevices-read-get",
      - name: "microsoft.directory/users/ownedDevices/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/ownedObjects/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read owned objects of users",
      - id: "microsoft.directory-users-ownedObjects-read-get",
      - name: "microsoft.directory/users/ownedObjects/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/photo/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read photo of users",
      - id: "microsoft.directory-users-photo-read-get",
      - name: "microsoft.directory/users/photo/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/registeredDevices/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read registered devices of users",
      - id: "microsoft.directory-users-registeredDevices-read-get",
      - name: "microsoft.directory/users/registeredDevices/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/scopedRoleMemberOf/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read user's membership of a Microsoft Entra role, that is scoped to an administrative unit",
      - id: "microsoft.directory-users-scopedRoleMemberOf-read-get",
      - name: "microsoft.directory/users/scopedRoleMemberOf/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/sponsors/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read sponsors of users",
      - id: "microsoft.directory-users-sponsors-read-get",
      - name: "microsoft.directory/users/sponsors/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.directory/users/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "inherited",
      - inheritedFrom: [1 item
        {2 items
        id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        displayName: "Directory Readers"
        }
        ],
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on users",
      - id: "microsoft.directory-users-standard-read-get",
      - name: "microsoft.directory/users/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.fileStorageContainers/allEntities/allProperties/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Manage all aspects of SharePoint Embedded containers",
      - id: "microsoft.office365.fileStorageContainers-allEntities-allProperties-allTasks",
      - name: "microsoft.office365.fileStorageContainers/allEntities/allProperties/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.network/performance/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read all network performance properties in the Microsoft 365 admin center",
      - id: "microsoft.office365.network-performance-allProperties-read-get",
      - name: "microsoft.office365.network/performance/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.serviceHealth/allEntities/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Read and configure Service Health in the Microsoft 365 admin center",
      - id: "microsoft.office365.serviceHealth-allEntities-allTasks",
      - name: "microsoft.office365.serviceHealth/allEntities/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.supportTickets/allEntities/allTasks: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "allTasks"
      },
    - permissionDetails: {6 items
      - actionVerb: "n/a",
      - description: "Create and manage Microsoft 365 service requests",
      - id: "microsoft.office365.supportTickets-allEntities-allTasks",
      - name: "microsoft.office365.supportTickets/allEntities/allTasks",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.usageReports/allEntities/allProperties/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read Office 365 usage reports",
      - id: "microsoft.office365.usageReports-allEntities-allProperties-read-get",
      - name: "microsoft.office365.usageReports/allEntities/allProperties/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  },
- {1 item
  - microsoft.office365.webPortal/allEntities/standard/read: {2 items
    - permissionAdditionalInfo: {4 items
      - applicability: "direct",
      - inheritedFrom: null,
      - condition: null,
      - permissionAction: "read"
      },
    - permissionDetails: {6 items
      - actionVerb: "GET",
      - description: "Read basic properties on all resources in the Microsoft 365 admin center",
      - id: "microsoft.office365.webPortal-allEntities-standard-read-get",
      - name: "microsoft.office365.webPortal/allEntities/standard/read",
      - resourceScopeId: null,
      - isPrivileged: false
      }
    }
  }
]

}

{

@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions/$entity",
id: "1a7d78b6-429f-476b-b8eb-35fb715fffd4",
description: "Manage all aspects of SharePoint Embedded containers.",
displayName: "SharePoint Embedded Administrator",
isBuiltIn: true,
isEnabled: true,
resourceScopes: [1 item
- "/"
],
templateId: "1a7d78b6-429f-476b-b8eb-35fb715fffd4",
version: "1",
rolePermissions: [1 item
- {2 items
  - allowedResourceActions: [6 items
    - "microsoft.office365.fileStorageContainers/allEntities/allProperties/allTasks",
    - "microsoft.office365.network/performance/allProperties/read",
    - "microsoft.office365.serviceHealth/allEntities/allTasks",
    - "microsoft.office365.supportTickets/allEntities/allTasks",
    - "microsoft.office365.usageReports/allEntities/allProperties/read",
    - "microsoft.office365.webPortal/allEntities/standard/read"
    ],
  - condition: null
  }
],
inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions('1a7d78b6-429f-476b-b8eb-35fb715fffd4')/inheritsPermissionsFrom",
inheritsPermissionsFrom: [1 item
- {1 item
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
  }
]

}

{

@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions/$entity",
id: "1a7d78b6-429f-476b-b8eb-35fb715fffd4",
assignmentMode: "allowed",
categories: "collaboration",
description: "Manage all aspects of SharePoint Embedded containers.",
displayName: "SharePoint Embedded Administrator",
isBuiltIn: true,
isEnabled: true,
isPrivileged: false,
resourceScopes: [1 item
- "/"
],
richDescription: "Assign the SharePoint Embedded Administrator role to users who need to do the following tasks: * Perform all tasks using PowerShell, Microsoft Graph API, or SharePoint admin center * Manage, configure, and maintain SharePoint Embedded containers * Enumerate and manage SharePoint Embedded containers * Enumerate and manage permissions for SharePoint Embedded containers * Manage storage of SharePoint Embedded containers in a tenant * Assign security and compliance policies on SharePoint Embedded containers * Apply security and compliance policies on SharePoint Embedded containers in a tenant",
templateId: "1a7d78b6-429f-476b-b8eb-35fb715fffd4",
version: "1",
rolePermissions: [1 item
- {2 items
  - allowedResourceActions: [6 items
    - "microsoft.office365.fileStorageContainers/allEntities/allProperties/allTasks",
    - "microsoft.office365.network/performance/allProperties/read",
    - "microsoft.office365.serviceHealth/allEntities/allTasks",
    - "microsoft.office365.supportTickets/allEntities/allTasks",
    - "microsoft.office365.usageReports/allEntities/allProperties/read",
    - "microsoft.office365.webPortal/allEntities/standard/read"
    ],
  - condition: null
  }
],
inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('1a7d78b6-429f-476b-b8eb-35fb715fffd4')/inheritsPermissionsFrom",
inheritsPermissionsFrom: [1 item
- {1 item
  - id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
  }
]

}

SharePoint Embedded Administrator - 1a7d78b6-429f-476b-b8eb-35fb715fffd4Entra Id Role definition

SharePoint Embedded Administrator - 1a7d78b6-429f-476b-b8eb-35fb715fffd4
Entra Id Role definition