TechQA.

Azure AD application permissions: Does permissions assigned to one application will modify another application in same tenant?

340 views Asked by At

I am creating application in Azure AD and assigning following "Application" permissions to that applications.

1) Application.ReadWrite.All
2) AppRoleAssignment.ReadWrite.All
3) Files.ReadWrite.All
4) Group.Read.All
5) User.Read.All
6) full_access_as_app

I want to know if there is any security risk, if these assigned permissions gives rights to my application to modify any other application. Thanks in advance.

azure azure-active-directory azure-application-settings
Original Q&A
1

There are 1 answers

6
Joy Wang On BEST ANSWER

if these assigned permissions give rights to my application to modify any other application.

Yes, I suppose you add the application permissions of Microsoft Graph, with different application permissions, the app can call different Microsoft Graph APIs.

For example, you give the Application.ReadWrite.All application permission in MS Graph, then it will be able to call the MS Graph API - Update application, it can modify all the applications in your AAD tenant.

Related Questions in AZURE

Related Questions in AZURE-ACTIVE-DIRECTORY

Related Questions in AZURE-APPLICATION-SETTINGS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions