Merge pull request #25602 from microsoftgraph/rbac-certBasedAuthConfig

Lauragra · web-flow · commit 6e86dccb9737 · 2024-11-05T17:08:57.000-08:00
Entra admin roles - cert-based auth configuration
diff --git a/api-reference/beta/api/certificatebasedauthconfiguration-delete.md b/api-reference/beta/api/certificatebasedauthconfiguration-delete.md
@@ -24,6 +24,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "certificatebasedauthconfiguration_delete" } -->
 [!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthconfiguration-delete-permissions.md)]
 
+[!INCLUDE [rbac-cert-based-auth-config-apis](../includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/beta/api/certificatebasedauthconfiguration-get.md b/api-reference/beta/api/certificatebasedauthconfiguration-get.md
@@ -24,6 +24,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "certificatebasedauthconfiguration_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthconfiguration-get-permissions.md)]
 
+[!INCLUDE [rbac-cert-based-auth-config-apis](../includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/beta/api/certificatebasedauthconfiguration-list.md b/api-reference/beta/api/certificatebasedauthconfiguration-list.md
@@ -27,6 +27,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "certificatebasedauthconfiguration_list" } -->
 [!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthconfiguration-list-permissions.md)]
 
+[!INCLUDE [rbac-cert-based-auth-config-apis](../includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/beta/api/certificatebasedauthconfiguration-post-certificatebasedauthconfiguration.md b/api-reference/beta/api/certificatebasedauthconfiguration-post-certificatebasedauthconfiguration.md
@@ -16,7 +16,7 @@ Namespace: microsoft.graph
 Create a new [certificateBasedAuthConfiguration](../resources/certificateBasedAuthConfiguration.md) object.
 
 > [!NOTE]
-> Only a single instance of a **certificateBasedAuthConfiguration** can be created (the collection can only have one member). It always has a fixed ID with a value of '29728ade-6ae4-4ee9-9103-412912537da5'.
+> Only a single instance of a **certificateBasedAuthConfiguration** can be created (the collection can only have one member). It always has a fixed ID with a value of `29728ade-6ae4-4ee9-9103-412912537da5`.
 
 [!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
 
@@ -27,7 +27,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "certificatebasedauthconfiguration_post_certificatebasedauthconfiguration" } -->
 [!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthconfiguration-post-certificatebasedauthconfiguration-permissions.md)]
 
-For delegated scenarios, the calling user must have the *Global Administrator* [Microsoft Entra role](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles).
+[!INCLUDE [rbac-cert-based-auth-config-apis](../includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md)]
 
 ## HTTP request
 
diff --git a/api-reference/beta/includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md b/api-reference/beta/includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md
@@ -0,0 +1,7 @@
+---
+author: vimrang
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. *Global Administrator* is the only role supported for this operation.
diff --git a/api-reference/v1.0/api/certificatebasedauthconfiguration-delete.md b/api-reference/v1.0/api/certificatebasedauthconfiguration-delete.md
@@ -22,6 +22,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "certificatebasedauthconfiguration_delete" } -->
 [!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthconfiguration-delete-permissions.md)]
 
+[!INCLUDE [rbac-cert-based-auth-config-apis](../includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/v1.0/api/certificatebasedauthconfiguration-get.md b/api-reference/v1.0/api/certificatebasedauthconfiguration-get.md
@@ -22,6 +22,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "certificatebasedauthconfiguration_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthconfiguration-get-permissions.md)]
 
+[!INCLUDE [rbac-cert-based-auth-config-apis](../includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/v1.0/api/certificatebasedauthconfiguration-list.md b/api-reference/v1.0/api/certificatebasedauthconfiguration-list.md
@@ -25,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "certificatebasedauthconfiguration_list" } -->
 [!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthconfiguration-list-permissions.md)]
 
+[!INCLUDE [rbac-cert-based-auth-config-apis](../includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/v1.0/api/certificatebasedauthconfiguration-post-certificatebasedauthconfiguration.md b/api-reference/v1.0/api/certificatebasedauthconfiguration-post-certificatebasedauthconfiguration.md
@@ -25,7 +25,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "certificatebasedauthconfiguration_post_certificatebasedauthconfiguration" } -->
 [!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthconfiguration-post-certificatebasedauthconfiguration-permissions.md)]
 
-For delegated scenarios, the calling user must have the *Global Administrator* [Microsoft Entra role](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles).
+[!INCLUDE [rbac-cert-based-auth-config-apis](../includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md)]
 
 ## HTTP request
 
diff --git a/api-reference/v1.0/includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md b/api-reference/v1.0/includes/rbac-for-apis/rbac-cert-based-auth-config-apis.md
@@ -0,0 +1,7 @@
+---
+author: vimrang
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. *Global Administrator* is the only role supported for this operation.
