rules/conditions/EntraID/Applications/enterprise-app-permissions.json
|
{
filter: [ { conditions : [ ["ClaimValue", "eq", "Application.ReadWrite.All"], ["ClaimValue", "eq", "Directory.ReadWrite.All"], ["ClaimValue", "eq", "Domain.ReadWrite.All"], ["ClaimValue", "eq", "Group.ReadWrite.All"], ["ClaimValue", "eq", "Member.Read.Hidden"], ["ClaimValue", "eq", "User.ReadWrite.All"], ["ClaimValue", "eq", "AppRoleAssignment.ReadWrite.All"], ["ClaimValue", "eq", "RoleManagement.ReadWrite.Directory"], ["ClaimValue", "eq", "full_access_as_app"], ["ClaimValue", "eq", "Exchange.ManageAsApp"], ["ClaimValue", "eq", "Mail.Send"], ["ClaimValue", "eq", "Sites.ReadWrite.All"], ["ClaimValue", "eq", "Sites.FullControl.All"], ["ClaimValue", "eq", "Files.ReadWrite.All"], ["ClaimValue", "eq", "Mail.ReadWrite"], ["ClaimValue", "eq", "Sites.FullControl.All"], ["ClaimValue", "eq", "DeviceManagementApps.ReadWrite.All"], ["ClaimValue", "eq", "DeviceManagementConfiguration.ReadWrite.All"], ["ClaimValue", "eq", "DeviceManagementManagedDevices.ReadWrite.All"], ["ClaimValue", "eq", "DeviceManagementRBAC.ReadWrite.All"], ["ClaimValue", "eq", "DeviceManagementServiceConfig.ReadWrite.All"], ["ClaimValue", "eq", "Organization.ReadWrite.All"], ["ClaimValue", "eq", "Policy.ReadWrite.ConditionalAccess"], ["ClaimValue", "eq", "Policy.ReadWrite.Authorization"], ["ClaimValue", "eq", "Policy.ReadWrite.AuthenticationMethod"], ["ClaimValue", "eq", "Financials.ReadWrite.All"], ["ClaimValue", "eq", "RoleManagement.ReadWrite.Directory"] ], operator : 'or' } ] } |