List permissions needed for each operation #1248
PavolBosik
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
For security-sensitive use cases, it would be beneficial to document the minimal permission set required for each supported operation.
Example:
export-solution seems to access tenant-level API (
/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments?`$expand=permissions&api-version=2020-08-01in my case), although most probably just reading data. When using Client Credentials, the required permission(s) are granted implicitly, so nobody cares. But with Federated Credentials they aren't.The problem could be simply resolved by adding the Service Principal the full Power Platform Admin role, but that could be undesired from security point of view. It would be great to go with finer granularity permissions. The problem is how to identify what exactly is needed...
Beta Was this translation helpful? Give feedback.
All reactions