en-US/MSGraphPermissions/MSGraphPermissions-Help.xml

<?xml version="1.0" encoding="utf-8"?>
<helpItems xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" schema="maml" xmlns="http://msh">
  <command:command>
    <command:details>
      <command:name>Find-GraphLeastPrivilege</command:name>
      <maml:description>
        <maml:para>Finds the least privileged permission(s) required for a Microsoft Graph API endpoint.</maml:para>
      </maml:description>
      <command:verb>Find</command:verb>
      <command:noun>GraphLeastPrivilege</command:noun>
    </command:details>
    <maml:description>
      <maml:para>The Find-GraphLeastPrivilege function identifies the minimal permissions needed to access a specific Microsoft Graph API endpoint. It queries the permissions cache (automatically initialized if needed) and returns only those permissions explicitly marked as least privileged in the Microsoft Graph permissions metadata.</maml:para>
      <maml:para>This function helps implement the principle of least privilege by identifying, for each endpoint, HTTP method and authentication scheme your application uses, the minimum permission scope it requires.</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Find-GraphLeastPrivilege</maml:name>
        <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases="none">
          <maml:name>Method</maml:name>
          <maml:description>
            <maml:para>The HTTP method to filter by.
Valid values are: GET, POST, PUT, PATCH, DELETE</maml:para>
            <maml:para>If not specified, returns least privileged permissions for all available methods on the path.</maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="true">System.String</command:parameterValue>
        </command:parameter>
        <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0" aliases="none">
          <maml:name>Path</maml:name>
          <maml:description>
            <maml:para>The Microsoft Graph API path to query.
Path matching is case-insensitive.
Use {id} placeholders for dynamic segments (e.g., "/users/{id}/messages").</maml:para>
            <maml:para>This parameter accepts pipeline input, allowing you to query multiple paths at once.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="true">System.String</command:parameterValue>
        </command:parameter>
        <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="none">
          <maml:name>Scheme</maml:name>
          <maml:description>
            <maml:para>The authentication scheme to filter by.
Valid values are:
- DelegatedWork: Delegated permissions for work/school accounts
- DelegatedPersonal: Delegated permissions for personal Microsoft accounts
- Application: Application permissions (app-only access)</maml:para>
            <maml:para>If not specified, returns least privileged permissions for all available schemes.</maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="true">System.String</command:parameterValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases="none">
        <maml:name>Method</maml:name>
        <maml:description>
          <maml:para>The HTTP method to filter by.
Valid values are: GET, POST, PUT, PATCH, DELETE</maml:para>
          <maml:para>If not specified, returns least privileged permissions for all available methods on the path.</maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="true">System.String</command:parameterValue>
      </command:parameter>
      <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0" aliases="none">
        <maml:name>Path</maml:name>
        <maml:description>
          <maml:para>The Microsoft Graph API path to query.
Path matching is case-insensitive.
Use {id} placeholders for dynamic segments (e.g., "/users/{id}/messages").</maml:para>
          <maml:para>This parameter accepts pipeline input, allowing you to query multiple paths at once.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="true">System.String</command:parameterValue>
      </command:parameter>
      <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="none">
        <maml:name>Scheme</maml:name>
        <maml:description>
          <maml:para>The authentication scheme to filter by.
Valid values are:
- DelegatedWork: Delegated permissions for work/school accounts
- DelegatedPersonal: Delegated permissions for personal Microsoft accounts
- Application: Application permissions (app-only access)</maml:para>
          <maml:para>If not specified, returns least privileged permissions for all available schemes.</maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="true">System.String</command:parameterValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes>
      <command:inputType>
        <dev:type>
          <dev:name>System.String</dev:name>
        </dev:type>
        <maml:description>
          <maml:para>A Microsoft Graph API path. One or more path strings can be piped to this function.</maml:para>
        </maml:description>
      </command:inputType>
    </command:inputTypes>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <dev:name>PSCustomObject</dev:name>
        </dev:type>
        <maml:description>
          <maml:para>Returns objects with the following properties:
- Path: The API path queried
- Method: The HTTP method
- Scheme: The authentication scheme
- Permission: The least privileged permission name</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <maml:alertSet>
      <maml:alert>
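        <maml:para>- If a path is not found, a warning is displayed and no output is returned for that path.
  An empty result means the path was not matched in the cache, not that the endpoint needs no permission
- If no least privileged permissions are defined for the specified method/scheme combination,
  a warning is displayed; use Get-GraphPermissions to list every permission that grants access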
- The permissions cache is automatically initialized on first use by calling
  Initialize-GraphPermissions
- To refresh the permissions data, run: Initialize-GraphPermissions -Force</maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>--------- EXAMPLE 1 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Find-GraphLeastPrivilege -Path "/me/messages" -Method GET -Scheme DelegatedWork</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Returns the least privileged permission needed to read the current user's messages
using delegated work/school account permissions.</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Output:
Path Method Scheme Permission
---- ------ ------ ----------
/me/messages GET DelegatedWork Mail.ReadBasic
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 2 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Find-GraphLeastPrivilege -Path "/users/{id}/messages" -Method GET</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Returns the least privileged permissions for reading a user's messages across all
authentication schemes.</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Output:
Path Method Scheme Permission
---- ------ ------ ----------
/users/{id}/messages GET Application Mail.ReadBasic.All
/users/{id}/messages GET DelegatedWork Mail.ReadBasic
/users/{id}/messages GET DelegatedPersonal Mail.ReadBasic
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 3 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Find-GraphLeastPrivilege -Path "/me/messages"</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Returns least privileged permissions for all HTTP methods and schemes available
for the /me/messages endpoint.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 4 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
"/me/messages", "/me/calendar/events" | Find-GraphLeastPrivilege -Method GET -Scheme DelegatedWork</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Demonstrates pipeline usage to query multiple endpoints at once.
Returns the least
privileged delegated work permission for reading messages and calendar events.</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Output:
Path Method Scheme Permission
---- ------ ------ ----------
/me/messages GET DelegatedWork Mail.ReadBasic
/me/calendar/events GET DelegatedWork Calendars.ReadBasic
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 5 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
$paths = @("/users/{id}", "/groups/{id}", "/applications")
$paths | Find-GraphLeastPrivilege -Method GET -Scheme Application | Select-Object Path, Permission</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Queries multiple paths and displays only the path and permission, useful for
generating permission requirement documentation.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
    </command:examples>
    <command:relatedLinks>
      <maml:navigationLink>
        <maml:linkText>Online Version</maml:linkText>
        <command:uri />
      </maml:navigationLink>
    </command:relatedLinks>
  </command:command>
  <command:command>
    <command:details>
      <command:name>Find-GraphPath</command:name>
      <maml:description>
        <maml:para>Searches for Microsoft Graph API paths matching a wildcard pattern.</maml:para>
      </maml:description>
      <command:verb>Find</command:verb>
      <command:noun>GraphPath</command:noun>
    </command:details>
    <maml:description>
      <maml:para>The Find-GraphPath function searches through all available Microsoft Graph API paths in the permissions cache and returns those that match the specified wildcard pattern. This is useful for discovering available endpoints, exploring the API surface, or finding related endpoints by naming patterns.</maml:para>
      <maml:para>The function performs case-insensitive pattern matching using PowerShell's -like operator, supporting standard wildcards (* and ?).</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Find-GraphPath</maml:name>
        <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0" aliases="none">
          <maml:name>Pattern</maml:name>
          <maml:description>
            <maml:para>A wildcard pattern to match against API paths.
Pattern matching is case-insensitive.</maml:para>
            <maml:para>Supports PowerShell wildcard syntax:
- * matches zero or more characters
- ? matches exactly one character</maml:para>
            <maml:para>Examples:
- "*messages*" finds all paths containing "messages"
- "/me/*" finds all paths under /me
- "/users/{id}/mail*" finds mail-related endpoints under users</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="true">System.String</command:parameterValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0" aliases="none">
        <maml:name>Pattern</maml:name>
        <maml:description>
          <maml:para>A wildcard pattern to match against API paths.
Pattern matching is case-insensitive.</maml:para>
          <maml:para>Supports PowerShell wildcard syntax:
- * matches zero or more characters
- ? matches exactly one character</maml:para>
          <maml:para>Examples:
- "*messages*" finds all paths containing "messages"
- "/me/*" finds all paths under /me
- "/users/{id}/mail*" finds mail-related endpoints under users</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="true">System.String</command:parameterValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes />
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <dev:name>PSCustomObject</dev:name>
        </dev:type>
        <maml:description>
          <maml:para>Returns objects with the following properties:
- Path: The API path that matched the pattern
- Methods: Comma-separated list of HTTP methods available for this path</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <maml:alertSet>
      <maml:alert>
        <maml:para>- Pattern matching is case-insensitive
- The permissions cache is automatically initialized on first use
- To refresh the permissions data, run: Initialize-GraphPermissions -Force
- Use wildcards strategically to narrow down results, as some patterns may
  return hundreds of paths (e.g., "/me/*" returns 1000+ paths)
- The Methods property shows all available HTTP methods; use Find-GraphLeastPrivilege
  to determine required permissions for specific methods</maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>--------- EXAMPLE 1 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Find-GraphPath -Pattern "*messages*"</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Finds all API paths containing the word "messages" anywhere in the path.</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Output:
Path Methods
---- -------
/me/messages POST, GET
/users/{id}/messages POST, GET
/me/mailfolders/{id}/messages POST, GET
/chats/{id}/messages POST, GET
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 2 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Find-GraphPath -Pattern "/me/*"</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Finds every API path beneath /me at any depth, because the * wildcard also matches "/".
Returns hundreds of paths
showing all available operations for the current user context.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 3 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Find-GraphPath -Pattern "*accessreviews*"</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Discovers all access review-related endpoints across the API.</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Output:
Path Methods
---- -------
/accessreviews POST, GET
/accessreviews/{id} DELETE, PATCH, GET
/identitygovernance/accessreviews/definitions POST, GET
/identitygovernance/accessreviews/policy PATCH, GET
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 4 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Find-GraphPath -Pattern "/users/{id}/mail*" | Format-Table -AutoSize</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Finds all mail-related endpoints under /users/{id} ({id} is the literal placeholder for the user segment, not a real user ID) and formats the output
as a compact table.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 5 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
$calendarPaths = Find-GraphPath -Pattern "*calendar*"
$calendarPaths | Select-Object -First 10</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Finds all calendar-related paths and displays the first 10 results.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 6 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Find-GraphPath -Pattern "/identitygovernance/lifecycleworkflows/workflows*" |
    Measure-Object | Select-Object -ExpandProperty Count</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Counts how many workflow-related endpoints exist under lifecycle workflows.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
    </command:examples>
    <command:relatedLinks>
      <maml:navigationLink>
        <maml:linkText>Online Version</maml:linkText>
        <command:uri />
      </maml:navigationLink>
    </command:relatedLinks>
  </command:command>
  <command:command>
    <command:details>
      <command:name>Get-GraphPermissions</command:name>
      <maml:description>
        <maml:para>Retrieves all permissions (including non-least privileged) for a Microsoft Graph API endpoint.</maml:para>
      </maml:description>
      <command:verb>Get</command:verb>
      <command:noun>GraphPermissions</command:noun>
    </command:details>
    <maml:description>
      <maml:para>The Get-GraphPermissions function returns comprehensive permission information for a Microsoft Graph API endpoint, including all available permissions regardless of whether they are marked as least privileged. This provides a complete view of all permissions that can access an endpoint.</maml:para>
      <maml:para>Unlike Find-GraphLeastPrivilege which only returns minimal permissions, this function shows every permission that grants access, along with indicators showing which are least privileged and what additional permissions they may require.</maml:para>
      <maml:para>Use this function when you need to:
- Understand the full permission landscape for an endpoint
- See what higher-privileged alternatives exist
- Audit existing permissions against available options
- Understand permission dependencies (AlsoRequires)</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Get-GraphPermissions</maml:name>
        <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases="none">
          <maml:name>Method</maml:name>
          <maml:description>
            <maml:para>The HTTP method to filter by.
Valid values are: GET, POST, PUT, PATCH, DELETE</maml:para>
            <maml:para>If not specified, returns permissions for all available methods on the path.</maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="true">System.String</command:parameterValue>
        </command:parameter>
        <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0" aliases="none">
          <maml:name>Path</maml:name>
          <maml:description>
            <maml:para>The Microsoft Graph API path to query.
Path matching is case-insensitive.
Use {id} placeholders for dynamic segments (e.g., "/users/{id}/messages").</maml:para>
            <maml:para>This parameter accepts pipeline input, allowing you to query multiple paths at once.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="true">System.String</command:parameterValue>
        </command:parameter>
        <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="none">
          <maml:name>Scheme</maml:name>
          <maml:description>
            <maml:para>The authentication scheme to filter by.
Valid values are:
- DelegatedWork: Delegated permissions for work/school accounts
- DelegatedPersonal: Delegated permissions for personal Microsoft accounts
- Application: Application permissions (app-only access)</maml:para>
            <maml:para>If not specified, returns permissions for all available schemes.</maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="true">System.String</command:parameterValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases="none">
        <maml:name>Method</maml:name>
        <maml:description>
          <maml:para>The HTTP method to filter by.
Valid values are: GET, POST, PUT, PATCH, DELETE</maml:para>
          <maml:para>If not specified, returns permissions for all available methods on the path.</maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="true">System.String</command:parameterValue>
      </command:parameter>
      <command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="0" aliases="none">
        <maml:name>Path</maml:name>
        <maml:description>
          <maml:para>The Microsoft Graph API path to query.
Path matching is case-insensitive.
Use {id} placeholders for dynamic segments (e.g., "/users/{id}/messages").</maml:para>
          <maml:para>This parameter accepts pipeline input, allowing you to query multiple paths at once.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="true">System.String</command:parameterValue>
      </command:parameter>
      <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases="none">
        <maml:name>Scheme</maml:name>
        <maml:description>
          <maml:para>The authentication scheme to filter by.
Valid values are:
- DelegatedWork: Delegated permissions for work/school accounts
- DelegatedPersonal: Delegated permissions for personal Microsoft accounts
- Application: Application permissions (app-only access)</maml:para>
          <maml:para>If not specified, returns permissions for all available schemes.</maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="true">System.String</command:parameterValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes>
      <command:inputType>
        <dev:type>
          <dev:name>System.String</dev:name>
        </dev:type>
        <maml:description>
          <maml:para>A Microsoft Graph API path. One or more path strings can be piped to this function.</maml:para>
        </maml:description>
      </command:inputType>
    </command:inputTypes>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <dev:name>PSCustomObject</dev:name>
        </dev:type>
        <maml:description>
          <maml:para>Returns objects with the following properties:
- Path: The API path queried
- Method: The HTTP method
- Scheme: The authentication scheme
- Permission: The permission name
- IsLeastPrivileged: Boolean indicating if this is a least privileged permission
- AlsoRequires: Comma-separated list of additional required permissions (usually empty)</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <maml:alertSet>
      <maml:alert>
        <maml:para>- Returns ALL permissions, not just least privileged ones
- Use the IsLeastPrivileged property to identify minimal permissions
- If a path is not found, a warning is displayed and no output is returned
- The permissions cache is automatically initialized on first use
- To refresh the permissions data, run: Initialize-GraphPermissions -Force
- The AlsoRequires property indicates permission dependencies; most permissions
  don't have dependencies and will show an empty string</maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>--------- EXAMPLE 1 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Get-GraphPermissions -Path "/users/{id}" -Method GET</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Returns all permissions (least privileged and higher) that can be used to read
a user object, across all authentication schemes.</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Output shows IsLeastPrivileged column to identify minimal permissions:
Path Method Scheme Permission IsLeastPrivileged
---- ------ ------ ---------- -----------------
/users/{id} GET Application User.Read.All False
/users/{id} GET Application User.ReadBasic.All True
/users/{id} GET Application Directory.Read.All False
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 2 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Get-GraphPermissions -Path "/me/messages" -Method GET -Scheme DelegatedWork</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Returns all delegated work permissions that can read the current user's messages,
showing both least privileged and broader permissions.</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Output:
Path Method Scheme Permission IsLeastPrivileged
---- ------ ------ ---------- -----------------
/me/messages GET DelegatedWork Mail.ReadBasic True
/me/messages GET DelegatedWork Mail.Read False
/me/messages GET DelegatedWork Mail.ReadWrite False
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 3 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Get-GraphPermissions -Path "/users/{id}/messages" -Method GET |
    Where-Object { $_.IsLeastPrivileged } |
    Format-Table Permission, Scheme</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Gets all permissions for reading user messages, then filters to show only
the least privileged options across all schemes.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 4 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Get-GraphPermissions -Path "/me/calendar/events" -Method POST -Scheme Application |
    Select-Object Permission, IsLeastPrivileged, AlsoRequires</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Shows all application permissions that can create calendar events, including
any additional permissions required (AlsoRequires column).
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 5 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
"/me/messages", "/me/calendar" | Get-GraphPermissions -Method GET |
    Group-Object Permission | Sort-Object Count -Descending</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Compares permissions across multiple endpoints to identify which permissions
grant access to multiple resources.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 6 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Get-GraphPermissions -Path "/groups/{id}/members" -Method GET |
    Format-Table Scheme, Permission, IsLeastPrivileged -GroupBy Scheme</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Displays permissions grouped by authentication scheme for better readability.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
    </command:examples>
    <command:relatedLinks>
      <maml:navigationLink>
        <maml:linkText>Online Version</maml:linkText>
        <command:uri />
      </maml:navigationLink>
    </command:relatedLinks>
  </command:command>
  <command:command>
    <command:details>
      <command:name>Initialize-GraphPermissions</command:name>
      <maml:description>
        <maml:para>Downloads and initializes the Microsoft Graph permissions cache.</maml:para>
      </maml:description>
      <command:verb>Initialize</command:verb>
      <command:noun>GraphPermissions</command:noun>
    </command:details>
    <maml:description>
      <maml:para>The Initialize-GraphPermissions function downloads the latest Microsoft Graph API permissions metadata from the official Microsoft Graph GitHub repository and builds an in-memory cache for fast lookups.</maml:para>
      <maml:para>The permissions data is automatically cached in memory after the first download, so subsequent calls are instantaneous. The cache persists for the duration of the PowerShell session.</maml:para>
      <maml:para>This function is automatically called by other module functions (Find-GraphLeastPrivilege, Get-GraphPermissions, Find-GraphPath) if the cache is not already initialized, so you typically don't need to call it explicitly unless you want to force a refresh.</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Initialize-GraphPermissions</maml:name>
        <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="Named" aliases="none">
          <maml:name>Force</maml:name>
          <maml:description>
            <maml:para>Forces a fresh download of permissions data from the remote source, even if the
cache is already populated.
Use this to refresh the data with the latest permissions
from Microsoft Graph.</maml:para>
            <maml:para>Without this switch, the function will use existing cached data if available.</maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="true">System.Management.Automation.SwitchParameter</command:parameterValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="Named" aliases="none">
        <maml:name>Force</maml:name>
        <maml:description>
          <maml:para>Forces a fresh download of permissions data from the remote source, even if the
cache is already populated.
Use this to refresh the data with the latest permissions
from Microsoft Graph.</maml:para>
          <maml:para>Without this switch, the function will use existing cached data if available.</maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="true">System.Management.Automation.SwitchParameter</command:parameterValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes />
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <dev:name>None</dev:name>
        </dev:type>
        <maml:description>
          <maml:para>This function does not return any output. It populates the internal module cache.</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <maml:alertSet>
      <maml:alert>
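        <maml:para>- Downloads from: https://raw.githubusercontent.com/microsoftgraph/microsoft-graph-devx-content/refs/heads/master/permissions/new/permissions.json
- The URL points at the repository's master branch rather than a fixed revision, so the data can change
  between downloads; when results feed an audit or consent review, note when the cache was loaded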
- Data is cached in memory for the current PowerShell session only
- Cache is automatically initialized by other module functions if needed
- Use -Force to refresh data without restarting PowerShell
- Requires internet connectivity to download permissions data
- The permissions file is typically several MB in size
- First download may take a few seconds depending on connection speed
- Cached lookups are instantaneous after initialization</maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>--------- EXAMPLE 1 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Initialize-GraphPermissions</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Downloads permissions data if not already cached.
If data is already in memory,
does nothing and returns immediately.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 2 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Initialize-GraphPermissions -Force</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Forces a fresh download of the latest permissions data, replacing any existing cache.
Use this when you need to ensure you have the most recent permissions metadata.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
      <command:example>
        <maml:title>--------- EXAMPLE 3 ---------</maml:title>
        <maml:introduction>
          <maml:para>```
Initialize-GraphPermissions -Force -Verbose</maml:para>
          <maml:para>&#x80;</maml:para>
          <maml:para>Forces a refresh and shows detailed progress information about the download
and indexing process.
```</maml:para>
        </maml:introduction>
        <dev:code />
        <dev:remarks />
      </command:example>
    </command:examples>
    <command:relatedLinks>
      <maml:navigationLink>
        <maml:linkText>Online Version</maml:linkText>
        <command:uri />
      </maml:navigationLink>
    </command:relatedLinks>
  </command:command>
</helpItems>