News from Build 2020: More granular Microsoft Graph permissions
There are a bunch (the correct technical term I’m sure) of new, more granular permissions now available to use against Microsoft Teams Graph API calls.
These have been eagerly asked by developers because requesting very broad permissions can be a stumbling block with IT when deploying applications. Note, this is not resource-specific consent (RSC) which is another way of requesting more granular permissions, which I’ve blogged about separately.
The new permissions were mentioned in the round-up blog post:Â Whatâs new in the Microsoft Teams Platform | Microsoft Build 2020Â which mentions 24 new permissions being available, but doesn’t list them out.
From looking at the GitHub check-ins, I’ve managed to find 22 of the new permissions, and I’ll update this post as and when I find the rest:
edit: having reviewed Nick Kramer’s session, and with thanks to Cameron Dwyer, full list of 24 below:
AppCatalog.Read.All
Channel.ReadBasic.All
Channel.Delete.All
Channel.Create
ChannelMember.Read.All
ChannelMember.ReadWrite
ChannelMember.ReadWrite.All
ChannelMessage.Send
ChannelSettings.Read.All
ChannelSettings.ReadWrite.All
Chat.ReadBasic
Chat.ReadBasic.All
Chat.ReadWrite
Directory.Read.All
Directory.ReadWrite.All
GroupMember.Read.All
Team.ReadBasic.All
TeamSettings.ReadWrite.All
TeamSettings.Read.All
TeamsApp.ReadWrite.All
TeamsTab.Create
TeamsTab.ReadWrite.All
TeamsTab.Read.All
WorkforceIntegration.Read.All
These permissions are showing as API permissions you can add to Azure AD applications now: