Conversation
There was a problem hiding this comment.
Pull request overview
Weekly permissions sync updating the generated permission metadata used by the repo’s permissions/new/* datasets.
Changes:
- Added new permission definitions for
CopilotPolicySettings.ReadandCopilotPolicySettings.ReadWrite(including path mappings). - Updated
provisioningInfo.jsondeployments with new/updated permission variants (Copilot policy settings, InfoProtect ABAC policy permissions, cross-tenant policy read, and several privileged schedule/policy entries). - Adjusted existing policy/authentication-related path mappings (e.g., CrossTenantAccessPolicy GET handling, authentication method configuration additions, and FIDO2/passkey path mapping updates).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| permissions/new/provisioningInfo.json | Updates permission deployment variants (IDs, hidden flags, and newly introduced permission entries). |
| permissions/new/permissions.json | Adds Copilot policy settings permissions and updates various policy/authentication path mappings. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "InfoProtectABACPolicy.Read.All": [ | ||
| { | ||
| "id": "f8c4e3f1-6b9a-4c2e-8d5a-bcf123456789", | ||
| "scheme": "DelegatedWork", |
There was a problem hiding this comment.
The newly added InfoProtectABACPolicy.* permission keys (and their array entries) are mis-indented compared to the surrounding permissionDeployments entries (keys elsewhere align at 4 spaces, array items at 6). Please reformat these blocks to match the file’s established 2-space indentation so diffs stay clean and automated formatting/validation doesn’t drift.
| "id": "", | ||
| "scheme": "DelegatedWork", | ||
| "environment": "public", | ||
| "isHidden": true, | ||
| "isEnabled": true, | ||
| "resourceAppId": "00000002-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", | ||
| "scheme": "Application", | ||
| "environment": "public", | ||
| "isHidden": true, | ||
| "isEnabled": true, | ||
| "resourceAppId": "00000002-0000-0000-c000-000000000000" |
There was a problem hiding this comment.
Policy.Read.CrossTenantAccess is configured with resourceAppId = 00000002-0000-0000-c000-000000000000, but the existing Policy.ReadWrite.CrossTenantAccess entry in this same file uses resourceAppId = "". Since both permissions are for CrossTenantAccess policies, this looks like an inconsistent resource target and will likely break provisioning/lookup. Please align resourceAppId with the correct resource (matching the ReadWrite permission unless there’s a documented reason to differ).
Weekly Permissions sync 2026-04-18