{"id":3353,"date":"2015-09-01T00:20:35","date_gmt":"2015-09-01T07:20:35","guid":{"rendered":"http:\/\/www.cloudidentity.com\/blog\/?p=3353"},"modified":"2015-09-01T00:20:35","modified_gmt":"2015-09-01T07:20:35","slug":"azure-ad-permissions-summary-table","status":"publish","type":"post","link":"https:\/\/www.cloudidentity.com\/blog\/2015\/09\/01\/azure-ad-permissions-summary-table\/","title":{"rendered":"Azure AD Permissions &ndash; summary table"},"content":{"rendered":"<p>I am finishing the <a href=\"http:\/\/www.amazon.com\/Authentication-Directory-Applications-Developer-Reference\/dp\/0735696942\">MAADWA\u2019<\/a>s chapter on the Azure AD application model, and just realized that we don\u2019t have in the <a href=\"https:\/\/msdn.microsoft.com\/Library\/Azure\/Ad\/Graph\/api\/graph-api-permission-scopes\">docs<\/a> any place where we highlight the IDs of the OOB Azure AD permissions. I am always a bit befuddled when I open the manifest of one app and see all those GUIDs in the <font face=\"Consolas\">requiredResourceAccess<\/font> section &#8211; I sure would appreciate a quick reference on what they really mean. Well, here you go!<\/p>\n<style>\ntd\n{border-left:1px solid black;\nborder-top:1px solid black;\n}\nth\n{border-left:1px solid black;\nborder-top:1px solid black;\nbackground-color: lightgrey;}\ntable\n{border-right:1px solid black;\nborder-bottom:1px solid black;\nfont-family: consolas;\nfont-size: 70%}\n<\/style>\n<table>\n<tbody>\n<tr>\n<th valign=\"top\" width=\"189\">\n<p>Permission description in the Azure portal<\/p>\n<\/th>\n<th valign=\"top\" width=\"165\">\n<p>Identifier<\/p>\n<\/th>\n<th valign=\"top\" width=\"120\">\n<p>Scope value<\/p>\n<\/th>\n<th valign=\"top\" width=\"240\">\n<p>Type<\/p>\n<\/th>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"189\">\n<p align=\"left\">Sign in and read user profile<\/p>\n<\/td>\n<td valign=\"top\" width=\"165\">\n<p align=\"left\">311a71cc-e848-46a1-bdf8-97ff7156d8e6<\/p>\n<\/td>\n<td valign=\"top\" width=\"120\">\n<p>UserProfile.Read<\/p>\n<\/td>\n<td valign=\"top\" width=\"240\">\n<p align=\"left\">User<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"189\">\n<p align=\"left\">Read directory data<\/p>\n<\/td>\n<td valign=\"top\" width=\"165\">\n<p align=\"left\">5778995a-e1bf-45b8-affa-663a9f3f4d04<\/p>\n<\/td>\n<td valign=\"top\" width=\"120\">\n<p>Directory.Read<\/p>\n<\/td>\n<td valign=\"top\" width=\"240\">\n<p align=\"left\">Admin (except for users from the tenant where the Application is defined)<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"189\">\n<p align=\"left\">Read and write directory data<\/p>\n<\/td>\n<td valign=\"top\" width=\"165\">\n<p align=\"left\">78c8a3c8-a07e-4b9e-af1b-b5ccab50a175<\/p>\n<\/td>\n<td valign=\"top\" width=\"120\">\n<p>Directory.Write<\/p>\n<\/td>\n<td valign=\"top\" width=\"240\">\n<p align=\"left\">Admin<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"189\">\n<p align=\"left\">Access the directory as the signed-in user<\/p>\n<\/td>\n<td valign=\"top\" width=\"165\">\n<p align=\"left\">a42657d6-7f20-40e3-b6f0-cee03008a62a<\/p>\n<\/td>\n<td valign=\"top\" width=\"120\">\n<p>user_impersonation<\/p>\n<\/td>\n<td valign=\"top\" width=\"240\">\n<p align=\"left\">Admin (except native clients)<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>I am finishing the MAADWA\u2019s chapter on the Azure AD application model, and just realized that we don\u2019t have in the docs any place where we highlight the IDs of the OOB Azure AD permissions. I am always a bit befuddled when I open the manifest of one app and see all those&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3353","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/3353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/comments?post=3353"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/3353\/revisions"}],"predecessor-version":[{"id":3354,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/3353\/revisions\/3354"}],"wp:attachment":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media?parent=3353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/categories?post=3353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/tags?post=3353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}