Conversation
There was a problem hiding this comment.
Pull request overview
Weekly sync updating the permissions metadata used by the repo’s permissions catalog, adding newly introduced permissions and API path mappings.
Changes:
- Added provisioning entries for
AgentIdentityBlueprint.UpdateManagerApps.All,AgentRegistration.Read.All,AgentRegistration.ReadWrite.All, andCalls.ReportSyntheticMedia.All. - Extended Entitlement Management permissions to include Access Evaluation detections/policies endpoints and CRUD mappings.
- Extended Network Access permissions to include
mcpPoliciesand relatedpolicyRulesendpoints.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| permissions/new/provisioningInfo.json | Adds/updates provisioning metadata entries for several new permissions. |
| permissions/new/permissions.json | Adds new API path mappings under existing permissions (EntitlementManagement, NetworkAccess). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "resourceAppId": "00000002-0000-0000-c000-000000000000" | ||
| } | ||
| ], | ||
| "AgentRegistration.Read.All": [ |
There was a problem hiding this comment.
The permission key at this indentation level is misaligned (one extra leading space before the opening quote). Please align it with the surrounding keys to keep JSON indentation consistent (2 spaces per level / consistent column alignment).
| "AgentRegistration.Read.All": [ | |
| "AgentRegistration.Read.All": [ |
| { | ||
| "schemeKeys": [ | ||
| "DelegatedWork", | ||
| "Application" | ||
| ], | ||
| "methods": [ | ||
| "GET" | ||
| ], | ||
| "paths": { | ||
| "/identitygovernance/accessevaluationdetections": "least=DelegatedWork,Application", | ||
| "/identitygovernance/accessevaluationdetections/{id}": "least=DelegatedWork,Application", | ||
| "/identitygovernance/accessevaluationpolicies": "least=DelegatedWork,Application", | ||
| "/identitygovernance/accessevaluationpolicies/{id}": "least=DelegatedWork,Application" | ||
| } |
There was a problem hiding this comment.
This adds a second pathSet with the same schemeKeys and methods (DelegatedWork+Application, GET) as an existing pathSet just above. Consider merging these new paths into the existing GET pathSet to avoid redundant blocks and keep the permission mapping easier to maintain.
| { | ||
| "schemeKeys": [ | ||
| "DelegatedWork", | ||
| "Application" | ||
| ], | ||
| "methods": [ | ||
| "GET" | ||
| ], | ||
| "paths": { | ||
| "/identitygovernance/accessevaluationdetections": "", | ||
| "/identitygovernance/accessevaluationdetections/{id}": "", | ||
| "/identitygovernance/accessevaluationpolicies": "", | ||
| "/identitygovernance/accessevaluationpolicies/{id}": "" | ||
| } |
There was a problem hiding this comment.
There is already a GET pathSet for the same schemeKeys (DelegatedWork+Application) earlier in this permission that lists many GET paths with empty values. Consider adding these new access evaluation GET paths to that existing GET pathSet instead of introducing a separate, identical GET block.
Weekly Permissions sync 2026-03-26