JSON enriched
Copy JSON enriched
{ 29 items id: "e8611ab8-c189-46e8-94e1-60213ab1f814" , displayName: "Privileged Role Administrator" , description: "Can manage role assignments in Microsoft Entra ID, and all aspects of Privileged Identity Management." , richDescription: "Users with this role can manage role assignments in Microsoft Entra ID, as well as within Microsoft Entra Privileged Identity Management. In addition, this role allows management of all aspects of Privileged Identity Management." , privileged: true , categories: "identity" , permissionsTotal: 82 , operationActionsCount: 84 , permissionsDirect: 28 , permissionsInherited: true , permissionsInheritedCount: 54 , permissionsDirectAndInheritedCount: 0 , permissionsDirectAndInherited: null , permissionsInheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , permissionsInheritedToCount: 0 , permissionsInheritedTo: null , permissionsConditionedCount: 0 , permissionsUnConditionedCount: 82 , permissionConditioned: [] , permissionsPrivileged: 2 , permissionsNamespacesCount: 2 , permissionsNamespaces: [ 2 items ] , permissionActionsCount: 9 , permissionActions: [ 9 items ] , permissionVerbsCount: 5 , permissionVerbs: [ 5 items ] , permissionsConsentPolicyAppliesCount: 1 , permissionsConsentPolicies: { 1 item } , permissions: [ 82 items { 1 item } , { 1 item } , { 1 item microsoft.directory/accessReviews/definitions.groups/allProperties/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read all properties of access reviews for membership in Security and Microsoft 365 groups, including role-assignable groups." , id: "microsoft.directory-accessReviews-definitions.groups-allProperties-read-get" , name: "microsoft.directory/accessReviews/definitions.groups/allProperties/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/administrativeUnits/members/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read members of administrative units" , id: "microsoft.directory-administrativeUnits-members-read-get" , name: "microsoft.directory/administrativeUnits/members/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/administrativeUnits/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on administrative units" , id: "microsoft.directory-administrativeUnits-standard-read-get" , name: "microsoft.directory/administrativeUnits/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/applicationPolicies/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read standard properties of application policies" , id: "microsoft.directory-applicationPolicies-standard-read-get" , name: "microsoft.directory/applicationPolicies/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/applications/owners/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owners of applications" , id: "microsoft.directory-applications-owners-read-get" , name: "microsoft.directory/applications/owners/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/applications/policies/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read policies of applications" , id: "microsoft.directory-applications-policies-read-get" , name: "microsoft.directory/applications/policies/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/applications/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read standard properties of applications" , id: "microsoft.directory-applications-standard-read-get" , name: "microsoft.directory/applications/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/contacts/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the group membership for all contacts in Microsoft Entra ID" , id: "microsoft.directory-contacts-memberOf-read-get" , name: "microsoft.directory/contacts/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/contacts/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on contacts in Microsoft Entra ID" , id: "microsoft.directory-contacts-standard-read-get" , name: "microsoft.directory/contacts/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/contracts/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on partner contracts" , id: "microsoft.directory-contracts-standard-read-get" , name: "microsoft.directory/contracts/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/devices/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read device memberships" , id: "microsoft.directory-devices-memberOf-read-get" , name: "microsoft.directory/devices/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/devices/registeredOwners/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read registered owners of devices" , id: "microsoft.directory-devices-registeredOwners-read-get" , name: "microsoft.directory/devices/registeredOwners/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/devices/registeredUsers/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read registered users of devices" , id: "microsoft.directory-devices-registeredUsers-read-get" , name: "microsoft.directory/devices/registeredUsers/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/devices/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on devices" , id: "microsoft.directory-devices-standard-read-get" , name: "microsoft.directory/devices/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/directoryRoles/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete directory roles, and read and update all properties" , id: "microsoft.directory-directoryRoles-allProperties-allTasks" , name: "microsoft.directory/directoryRoles/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/directoryRoles/eligibleMembers/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the eligible members of Microsoft Entra roles" , id: "microsoft.directory-directoryRoles-eligibleMembers-read-get" , name: "microsoft.directory/directoryRoles/eligibleMembers/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/directoryRoles/members/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read all members of Microsoft Entra roles" , id: "microsoft.directory-directoryRoles-members-read-get" , name: "microsoft.directory/directoryRoles/members/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/directoryRoles/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties of Microsoft Entra roles" , id: "microsoft.directory-directoryRoles-standard-read-get" , name: "microsoft.directory/directoryRoles/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/domains/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on domains" , id: "microsoft.directory-domains-standard-read-get" , name: "microsoft.directory/domains/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/appRoleAssignments/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read application role assignments of groups" , id: "microsoft.directory-groups-appRoleAssignments-read-get" , name: "microsoft.directory/groups/appRoleAssignments/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the memberOf property on Security groups and Microsoft 365 groups, including role-assignable groups" , id: "microsoft.directory-groups-memberOf-read-get" , name: "microsoft.directory/groups/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/members/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read members of Security groups and Microsoft 365 groups, including role-assignable groups" , id: "microsoft.directory-groups-members-read-get" , name: "microsoft.directory/groups/members/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/owners/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owners of Security groups and Microsoft 365 groups, including role-assignable groups" , id: "microsoft.directory-groups-owners-read-get" , name: "microsoft.directory/groups/owners/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/settings/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read settings of groups" , id: "microsoft.directory-groups-settings-read-get" , name: "microsoft.directory/groups/settings/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groups/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read standard properties of Security groups and Microsoft 365 groups, including role-assignable groups" , id: "microsoft.directory-groups-standard-read-get" , name: "microsoft.directory/groups/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/groupSettings/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on group settings" , id: "microsoft.directory-groupSettings-standard-read-get" , name: "microsoft.directory/groupSettings/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/groupSettingTemplates/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on group setting templates" , id: "microsoft.directory-groupSettingTemplates-standard-read-get" , name: "microsoft.directory/groupSettingTemplates/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete OAuth 2.0 permission grants, and read and update all properties" , id: "microsoft.directory-oAuth2PermissionGrants-allProperties-allTasks" , name: "microsoft.directory/oAuth2PermissionGrants/allProperties/allTasks" , resourceScopeId: null , isPrivileged: true } } } , { 1 item microsoft.directory/oAuth2PermissionGrants/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on OAuth 2.0 permission grants" , id: "microsoft.directory-oAuth2PermissionGrants-standard-read-get" , name: "microsoft.directory/oAuth2PermissionGrants/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/organization/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on an organization" , id: "microsoft.directory-organization-standard-read-get" , name: "microsoft.directory/organization/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/organization/trustedCAsForPasswordlessAuth/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read trusted certificate authorities for passwordless authentication" , id: "microsoft.directory-organization-trustedCAsForPasswordlessAuth-read-get" , name: "microsoft.directory/organization/trustedCAsForPasswordlessAuth/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item } , { 1 item } , { 1 item } , { 1 item microsoft.directory/privilegedIdentityManagement/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete all resources, and read and update standard properties in Privileged Identity Management" , id: "microsoft.directory-privilegedIdentityManagement-allProperties-allTasks" , name: "microsoft.directory/privilegedIdentityManagement/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/roleAssignments/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete role assignments, and read and update all role assignment properties" , id: "microsoft.directory-roleAssignments-allProperties-allTasks" , name: "microsoft.directory/roleAssignments/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/roleAssignments/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on role assignments" , id: "microsoft.directory-roleAssignments-standard-read-get" , name: "microsoft.directory/roleAssignments/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/roleDefinitions/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete role definitions, and read and update all properties" , id: "microsoft.directory-roleDefinitions-allProperties-allTasks" , name: "microsoft.directory/roleDefinitions/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/roleDefinitions/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on role definitions" , id: "microsoft.directory-roleDefinitions-standard-read-get" , name: "microsoft.directory/roleDefinitions/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/scopedRoleMemberships/allProperties/allTasks: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "allTasks" } , permissionDetails: { 6 items actionVerb: "n/a" , description: "Create and delete scopedRoleMemberships, and read and update all properties" , id: "microsoft.directory-scopedRoleMemberships-allProperties-allTasks" , name: "microsoft.directory/scopedRoleMemberships/allProperties/allTasks" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/appRoleAssignedTo/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read service principal role assignments" , id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-read-get" , name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/appRoleAssignedTo/update: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "update" } , permissionDetails: [ 2 items { 6 items actionVerb: "DELETE" , description: "Update service principal role assignments" , id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-update-delete" , name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/update" , resourceScopeId: null , isPrivileged: false } , { 6 items actionVerb: "POST" , description: "Update service principal role assignments" , id: "microsoft.directory-servicePrincipals-appRoleAssignedTo-update-post" , name: "microsoft.directory/servicePrincipals/appRoleAssignedTo/update" , resourceScopeId: null , isPrivileged: false } ] } } , { 1 item microsoft.directory/servicePrincipals/appRoleAssignments/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read role assignments assigned to service principals" , id: "microsoft.directory-servicePrincipals-appRoleAssignments-read-get" , name: "microsoft.directory/servicePrincipals/appRoleAssignments/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin: { 2 items permissionAdditionalInfo: { 4 items applicability: "direct" , inheritedFrom: null , condition: null , permissionAction: "managePermissionGrantsForAll" } , permissionDetails: [ 2 items { 6 items actionVerb: "n/a" , description: "Grant consent for any permission to any application" , id: "microsoft.directory-servicePrincipals-managePermissionGrantsForAll.microsoft-company-admin" , name: "microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin" , resourceScopeId: null , isPrivileged: false } , { 6 items actionVerb: "POST" , description: "Grant consent to delegated permissions on behalf of any user or all users" , id: "microsoft.directory-servicePrincipals-managePermissionGrantsForAll.microsoft-company-admin-post" , name: "microsoft.directory/servicePrincipals/managePermissionGrantsForAll.microsoft-company-admin" , resourceScopeId: null , isPrivileged: false } ] } } , { 1 item microsoft.directory/servicePrincipals/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the group memberships on service principals" , id: "microsoft.directory-servicePrincipals-memberOf-read-get" , name: "microsoft.directory/servicePrincipals/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read delegated permission grants on service principals" , id: "microsoft.directory-servicePrincipals-oAuth2PermissionGrants-read-get" , name: "microsoft.directory/servicePrincipals/oAuth2PermissionGrants/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/ownedObjects/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owned objects of service principals" , id: "microsoft.directory-servicePrincipals-ownedObjects-read-get" , name: "microsoft.directory/servicePrincipals/ownedObjects/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/owners/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owners of service principals" , id: "microsoft.directory-servicePrincipals-owners-read-get" , name: "microsoft.directory/servicePrincipals/owners/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } , { 1 item microsoft.directory/servicePrincipals/policies/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read policies of service principals" , id: "microsoft.directory-servicePrincipals-policies-read-get" , name: "microsoft.directory/servicePrincipals/policies/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/servicePrincipals/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties of service principals" , id: "microsoft.directory-servicePrincipals-standard-read-get" , name: "microsoft.directory/servicePrincipals/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/subscribedSkus/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on subscriptions" , id: "microsoft.directory-subscribedSkus-standard-read-get" , name: "microsoft.directory/subscribedSkus/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/appRoleAssignments/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read application role assignments for users" , id: "microsoft.directory-users-appRoleAssignments-read-get" , name: "microsoft.directory/users/appRoleAssignments/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/deviceForResourceAccount/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read deviceForResourceAccount of users" , id: "microsoft.directory-users-deviceForResourceAccount-read-get" , name: "microsoft.directory/users/deviceForResourceAccount/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/directReports/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the direct reports for users" , id: "microsoft.directory-users-directReports-read-get" , name: "microsoft.directory/users/directReports/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/invitedBy/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the user that invited an external user to a tenant" , id: "microsoft.directory-users-invitedBy-read-get" , name: "microsoft.directory/users/invitedBy/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/licenseDetails/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read license details of users" , id: "microsoft.directory-users-licenseDetails-read-get" , name: "microsoft.directory/users/licenseDetails/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/manager/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read manager of users" , id: "microsoft.directory-users-manager-read-get" , name: "microsoft.directory/users/manager/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/memberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read the group memberships of users" , id: "microsoft.directory-users-memberOf-read-get" , name: "microsoft.directory/users/memberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/oAuth2PermissionGrants/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read delegated permission grants on users" , id: "microsoft.directory-users-oAuth2PermissionGrants-read-get" , name: "microsoft.directory/users/oAuth2PermissionGrants/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/ownedDevices/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owned devices of users" , id: "microsoft.directory-users-ownedDevices-read-get" , name: "microsoft.directory/users/ownedDevices/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/ownedObjects/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read owned objects of users" , id: "microsoft.directory-users-ownedObjects-read-get" , name: "microsoft.directory/users/ownedObjects/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/photo/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read photo of users" , id: "microsoft.directory-users-photo-read-get" , name: "microsoft.directory/users/photo/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/registeredDevices/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read registered devices of users" , id: "microsoft.directory-users-registeredDevices-read-get" , name: "microsoft.directory/users/registeredDevices/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/scopedRoleMemberOf/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read user's membership of a Microsoft Entra role, that is scoped to an administrative unit" , id: "microsoft.directory-users-scopedRoleMemberOf-read-get" , name: "microsoft.directory/users/scopedRoleMemberOf/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/sponsors/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read sponsors of users" , id: "microsoft.directory-users-sponsors-read-get" , name: "microsoft.directory/users/sponsors/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item microsoft.directory/users/standard/read: { 2 items permissionAdditionalInfo: { 4 items applicability: "inherited" , inheritedFrom: [ 1 item { 2 items id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" , displayName: "Directory Readers" } ] , condition: null , permissionAction: "read" } , permissionDetails: { 6 items actionVerb: "GET" , description: "Read basic properties on users" , id: "microsoft.directory-users-standard-read-get" , name: "microsoft.directory/users/standard/read" , resourceScopeId: null , isPrivileged: false } } } , { 1 item } ] }