Context
The idea is to introduce a new section to our docs called Permissions. Here we list all needed permissions to execute a specific command (both delegated and application permissions). This way it is easier for developers to use their own app registration with a few permissions instead of having the PnP one which has all permissions. It will also be easier to run the CLI with application permissions.
In the first stage we are going to list permissions only for Graph commands because these are well documented.
I suggest that we list all permissions that the command can possibly use in one table. Example: when using the command m365 planner plan get, if we provide the option ownerGroupName, we need the extra permission Group.Read.All.
I also suggest that we don't list all permissions e.g. to read group members we could use GroupMember.Read.All, GroupMember.ReadWrite.All, Group.Read.All and Group.ReadWrite.All. I suggest that we only list the most restrictive permission being GroupMember.Read.All in this case.
Right now we do have some admonitions in our remarks section stating which special roles you need. For example: To run this command you need the SharePoint Administrator or Global Administrator role.. I suggest that we also move this to the new Permissions section.
Where should we place it? Debatable, I'd say let's put it right before the response section.
How could it look like?
Still open for discussion (like everything else). Current design looks like:
Context
The idea is to introduce a new section to our docs called
Permissions. Here we list all needed permissions to execute a specific command (both delegated and application permissions). This way it is easier for developers to use their own app registration with a few permissions instead of having the PnP one which has all permissions. It will also be easier to run the CLI with application permissions.In the first stage we are going to list permissions only for Graph commands because these are well documented.
I suggest that we list all permissions that the command can possibly use in one table. Example: when using the command
m365 planner plan get, if we provide the optionownerGroupName, we need the extra permissionGroup.Read.All.I also suggest that we don't list all permissions e.g. to read group members we could use
GroupMember.Read.All,GroupMember.ReadWrite.All,Group.Read.AllandGroup.ReadWrite.All. I suggest that we only list the most restrictive permission beingGroupMember.Read.Allin this case.Right now we do have some admonitions in our remarks section stating which special roles you need. For example:
To run this command you need the SharePoint Administrator or Global Administrator role.. I suggest that we also move this to the new Permissions section.Where should we place it? Debatable, I'd say let's put it right before the
responsesection.How could it look like?
Still open for discussion (like everything else). Current design looks like: