Skip to content

Weekly Permissions sync 2025-11-27#1361

Closed
marabooy wants to merge 2 commits intomasterfrom
permissions-update/2025-11-27
Closed

Weekly Permissions sync 2025-11-27#1361
marabooy wants to merge 2 commits intomasterfrom
permissions-update/2025-11-27

Conversation

@marabooy
Copy link
Contributor

@marabooy marabooy commented Nov 27, 2025

Weekly Permissions sync 2025-11-27

Copilot AI review requested due to automatic review settings November 27, 2025 00:31
@marabooy marabooy requested a review from a team as a code owner November 27, 2025 00:31
Copilot AI reviewed Nov 27, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR synchronizes the permissions configuration as part of the weekly update process dated 2025-11-27. The changes primarily focus on enabling Agent Registry permissions and adding new application/service principal management permissions.

Key changes:

  • Enabling 18 Agent* permissions (Read/ReadWrite for AgentInstance, AgentCardManifest, AgentCollection) by adding UUIDs and changing visibility/enabled flags
  • Adding 4 new permission entries with empty IDs: AppRegistration.Create, AppRegistration.DeleteRestore.All, AppRegistration.EnableDisable.All, and ServicePrincipal.DeleteRestore.All
  • Correcting resourceAppId for one CopilotPackages permission and adding comprehensive permission definitions in permissions.json

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
permissions/new/provisioningInfo.json Enables Agent* permissions with UUIDs, adds new AppRegistration/ServicePrincipal entries with empty IDs, corrects one resourceAppId, adds Group-Priority and MailboxConfigItem entries
permissions/new/permissions.json Adds complete definitions for all Agent* permissions, MailboxConfigItem.Read, reorganizes Calendar.Read and CloudPC paths, adds Policy paths, adds Copilot report paths

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

permissions/new/provisioningInfo.json
Comment on lines +1037 to +1041
"id": "",
"scheme": "DelegatedWork",
"environment": "",
"isHidden": true,
"isEnabled": true,
Copy link

Copilot AI Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New permission entries AppRegistration.Create, AppRegistration.DeleteRestore.All, AppRegistration.EnableDisable.All, and ServicePrincipal.DeleteRestore.All (lines 1037-1087 and 13172-13186) have empty id and environment fields but are marked as isEnabled: true. This creates an inconsistent state where permissions are enabled without proper identifiers. Either populate these fields with valid UUIDs and environment values, or set isEnabled: false until the identifiers are available.

Copilot uses AI. Check for mistakes.
@jasonjoh jasonjoh assigned jasonjoh and unassigned jasonjoh Dec 1, 2025
@jasonjoh jasonjoh closed this Dec 1, 2025
@jasonjoh jasonjoh deleted the permissions-update/2025-11-27 branch December 1, 2025 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marabooy @jasonjoh