Skip to content

Weekly Permissions sync 2026-03-10#1465

Open
marabooy wants to merge 1 commit intomasterfrom
permissions-update/2026-03-10
Open

Weekly Permissions sync 2026-03-10#1465
marabooy wants to merge 1 commit intomasterfrom
permissions-update/2026-03-10

Conversation

@marabooy
Copy link
Contributor

@marabooy marabooy commented Mar 10, 2026

Weekly Permissions sync 2026-03-10

@marabooy marabooy requested a review from a team as a code owner March 10, 2026 20:41
Copilot AI review requested due to automatic review settings March 10, 2026 20:41
Copilot AI reviewed Mar 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Weekly permissions sync updating the permissions catalog for privileged access/role management scenarios, including new hidden provisioning entries and API path casing normalization for privilegedAccess group endpoints.

Changes:

  • Added hidden provisioningInfo entries for several *.EntraAppRole permissions (DelegatedWork + Application).
  • Normalized several privilegedAccess/group API paths in permissions.json (notably filterByCurrentUser and camelCase resource segments).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.

File Description
permissions/new/provisioningInfo.json Adds hidden provisioning metadata for new EntraAppRole-scoped privileged access permissions.
permissions/new/permissions.json Updates privilegedAccess/group path strings to corrected casing for instances/requests/schedules endpoints.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

permissions/new/permissions.json
Comment on lines +41309 to +41311
"/identityGovernance/privilegedAccess/group/assignmentscheduleInstances": "",
"/identityGovernance/privilegedAccess/group/assignmentscheduleInstances/{id}": "",
"/identityGovernance/privilegedAccess/group/assignmentscheduleInstances/filterByCurrentUser(on={value})": "",
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this pathSet the assignmentScheduleInstances segment is still spelled as assignmentscheduleInstances (lowercase s), while the read-only permission just above uses /assignmentScheduleInstances. This inconsistency is likely to break path matching; update these three paths to use the same casing as the canonical endpoint.

Copilot uses AI. Check for mistakes.
permissions/new/provisioningInfo.json
Comment on lines +11669 to +11674
{
"scheme": "DelegatedWork",
"environment": "",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e"
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new provisioning entries omit the id field entirely. Elsewhere in this file each scheme entry includes an id key (sometimes as an empty string for hidden entries); omitting it may break consumers that expect a consistent schema. Add an id field (or explicitly set it to an empty string) for both scheme objects here and keep the usual key ordering.

Copilot uses AI. Check for mistakes.
permissions/new/provisioningInfo.json
Comment on lines +11703 to +11708
{
"scheme": "DelegatedWork",
"environment": "",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e"
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new provisioning entries omit the id field entirely. Elsewhere in this file each scheme entry includes an id key (sometimes as an empty string for hidden entries); omitting it may break consumers that expect a consistent schema. Add an id field (or explicitly set it to an empty string) for both scheme objects here and keep the usual key ordering.

Copilot uses AI. Check for mistakes.
permissions/new/provisioningInfo.json
Comment on lines +11755 to +11760
{
"scheme": "DelegatedWork",
"environment": "",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e"
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new provisioning entries omit the id field entirely. Elsewhere in this file each scheme entry includes an id key (sometimes as an empty string for hidden entries); omitting it may break consumers that expect a consistent schema. Add an id field (or explicitly set it to an empty string) for both scheme objects here and keep the usual key ordering.

Copilot uses AI. Check for mistakes.
permissions/new/provisioningInfo.json
Comment on lines +11789 to +11794
{
"scheme": "DelegatedWork",
"environment": "",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e"
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new provisioning entries omit the id field entirely. Elsewhere in this file each scheme entry includes an id key (sometimes as an empty string for hidden entries); omitting it may break consumers that expect a consistent schema. Add an id field (or explicitly set it to an empty string) for both scheme objects here and keep the usual key ordering.

Copilot uses AI. Check for mistakes.
permissions/new/provisioningInfo.json
Comment on lines +12819 to +12824
{
"scheme": "DelegatedWork",
"environment": "",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e"
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new provisioning entries omit the id field entirely. Elsewhere in this file each scheme entry includes an id key (sometimes as an empty string for hidden entries); omitting it may break consumers that expect a consistent schema. Add an id field (or explicitly set it to an empty string) for both scheme objects here and keep the usual key ordering.

Copilot uses AI. Check for mistakes.
permissions/new/provisioningInfo.json
Comment on lines +12889 to +12894
{
"scheme": "DelegatedWork",
"environment": "",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e"
Copy link

Copilot AI Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These new provisioning entries omit the id field entirely. Elsewhere in this file each scheme entry includes an id key (sometimes as an empty string for hidden entries); omitting it may break consumers that expect a consistent schema. Add an id field (or explicitly set it to an empty string) for both scheme objects here and keep the usual key ordering.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marabooy