Skip to content

Weekly Permissions sync 2025-12-26 #1392

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
marabooy wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Weekly Permissions sync 2025-12-26 #1392

marabooy wants to merge 1 commit into from
+23 −0

Conversation

@marabooy
Copy link
Contributor

@marabooy marabooy commented Dec 26, 2025

Weekly Permissions sync 2025-12-26

Copilot AI review requested due to automatic review settings December 26, 2025 00:29
@marabooy marabooy requested a review from a team as a code owner December 26, 2025 00:29
Copilot AI reviewed Dec 26, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements a weekly permissions sync that adds support for conditional access classic policies endpoints. The changes introduce new API path permissions for reading the classic policies collection and updating individual classic policy resources.

  • Adds GET permission for /identity/conditionalaccess/classicpolicies collection endpoint
  • Adds PATCH permission for /identity/conditionalaccess/classicpolicies/{id} individual resource endpoint
  • Updates both the Policy.Read.All and Policy.ReadWrite.ConditionalAccess permission scopes

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

permissions/new/permissions.json
Comment on lines +37071 to +37081
{
"schemeKeys": [
"DelegatedWork"
],
"methods": [
"PATCH"
],
"paths": {
"/identity/conditionalaccess/classicpolicies/{id}": "least=DelegatedWork"
}
},
Copy link

Copilot AI Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The permissions define a PATCH method for the individual classicpolicies resource but no GET method. This is inconsistent with similar conditional access resources in this file. For example, vpnconnectivitycertificates has GET defined for both the collection and individual resources (lines 37040-37046), and namedlocations and policies have GET, PATCH, and DELETE combined for individual resources (line 36937-36950). Consider adding a GET method entry for /identity/conditionalaccess/classicpolicies/{id} to align with the established pattern and allow clients to retrieve individual classic policies after creating or updating them.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marabooy