Conversation
There was a problem hiding this comment.
Pull request overview
Weekly sync updating the repository’s permission manifests to reflect newly added/updated Microsoft Graph permissions and endpoint-to-scope mappings.
Changes:
- Added new WorkIQ-related permission entries and updated several UserAuthMethodAuthApp permission IDs/resourceAppIds in provisioning metadata.
- Extended
Files.*permission path mappings to include Drive archive/unarchive endpoints. - Updated permission definitions/mappings for Places (adding Application scheme support) and SharePoint cross-tenant migration app endpoints.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| permissions/new/provisioningInfo.json | Adds new WorkIQ permission entries and updates several existing auth-method permission GUIDs/resource app IDs. |
| permissions/new/permissions.json | Adds new endpoint path mappings (Drive archive/unarchive), expands Place.ReadWrite.All scheme support, and adds SharePoint migration app endpoints. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "resourceAppId": "59eca866-2f46-40b8-96ff-63f663121ef9" | ||
| } | ||
| ], | ||
| "WorkIQAgent.Ask": [ |
There was a problem hiding this comment.
The "WorkIQAgent.Ask" key is indented differently than surrounding keys (extra leading space). This file appears to use consistent 4-space indentation per nesting level, and the mis-indentation can cause formatting/lint checks to fail. Please align this key’s indentation with the adjacent entries.
| "/drive/bundles/{driveItemId}/archive": "", | ||
| "/drive/bundles/{driveItemId}/unarchive": "least=DelegatedWork,DelegatedPersonal", | ||
| "/drive/following/{driveItemId}/archive": "", | ||
| "/drive/following/{driveItemId}/unarchive": "least=DelegatedWork,DelegatedPersonal", | ||
| "/drive/items/{driveItemId}/archive": "", | ||
| "/drive/items/{driveItemId}/unarchive": "least=DelegatedWork,DelegatedPersonal", |
There was a problem hiding this comment.
In this Files.Read pathSet, the new archive/unarchive endpoints have inconsistent "least" markings: archive paths are "" while the corresponding unarchive paths are marked least=DelegatedWork,DelegatedPersonal. For paired operations like this, the least-required permission should generally be consistent; please verify which permission is actually minimal and update the least markers (and/or move the least markers to the correct permission block) so archive and unarchive match.
| "/drives/{drivesId}/root/archive": "", | ||
| "/drives/{drivesId}/root/unarchive": "least=DelegatedWork,DelegatedPersonal", | ||
| "/shares/{sharesId}/driveItem/archive": "", | ||
| "/shares/{sharesId}/driveItem/unarchive": "least=DelegatedWork,DelegatedPersonal", |
There was a problem hiding this comment.
These newly added share-based archive/unarchive paths use a different casing and placeholder style ("/shares/{sharesId}/driveItem") than the existing share paths nearby (e.g. "/shares/{id}/driveitem/..."). If path matching is case-sensitive or relies on canonical templates, this can create duplicate/unmatched entries. Please normalize the segment casing and parameter naming to the canonical form used in this file/spec.
| "/solutions/sharepoint/migrations/crossorganizationmigrationapps": "least=DelegatedWork,Application", | ||
| "/solutions/sharepoint/migrations/crossorganizationmigrationapps/{appId}/unregister": "least=DelegatedWork,Application", | ||
| "/solutions/sharepoint/migrations/crossOrganizationmigrationtasks": "least=DelegatedWork,Application", | ||
| "/solutions/sharepoint/migrations/crossOrganizationmigrationtasks/{id}/cancel": "least=DelegatedWork,Application" | ||
| } |
There was a problem hiding this comment.
The new migration app endpoints use a different casing pattern ("crossorganizationmigrationapps") than the existing endpoints in the same area ("crossOrganizationmigrationtasks", "crossOrganizationGroupMappings"). If URL/path matching is case-sensitive, this inconsistency can break permission resolution. Please confirm the correct Graph path casing and make it consistent across all related entries.
| "/solutions/sharepoint/migrations/crossOrganizationGroupMappings(sourceGroupObjectId={sourceGroupObjectId})": "least=DelegatedWork,Application", | ||
| "/solutions/sharepoint/migrations/crossorganizationmigrationapps/{appId}": "least=DelegatedWork,Application", |
There was a problem hiding this comment.
This added path ("/solutions/sharepoint/migrations/crossorganizationmigrationapps/{appId}") uses the lower-case "crossorganization..." segment, while other sibling endpoints in this section use "crossOrganization..." casing. Please verify the intended canonical path and align casing consistently to avoid mismatches.
2 participants
Weekly Permissions sync 2026-02-08