Merge pull request #25424 from microsoftgraph/rbac-oauth2permissionsgrants

Entra admin roles - oauth2permissionsgrants

Author: Lauragra

api-reference/beta/includes/rbac-for-apis/rbac-oauth2permissiongrant-apis-read.md

@@ -3,13 +3,14 @@ author: psignoret
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
-
-- Application Administrator
-- Application Developer
-- Cloud Application Administrator
-- Directory Writers
-- Privileged Role Administrator
-- User Administrator
-- Directory Readers
-- Global Reader
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Global Reader
+> - Directory Readers
+> - Application Administrator
+> - Application Developer
+> - Cloud Application Administrator
+> - Directory Writers
+> - Privileged Role Administrator
+> - User Administrator

api-reference/beta/includes/rbac-for-apis/rbac-oauth2permissiongrant-apis-write.md

@@ -3,11 +3,12 @@ author: psignoret
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
-
-- Application Administrator
-- Application Developer
-- Cloud Application Administrator
-- Directory Writers
-- Privileged Role Administrator
-- User Administrator
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Application Administrator
+> - Application Developer
+> - Cloud Application Administrator
+> - Directory Writers
+> - Privileged Role Administrator
+> - User Administrator

api-reference/beta/includes/rbac-for-apis/rbac-oauth2permissiongrant-serviceprincipal-apis-read.md

@@ -3,14 +3,15 @@ author: psignoret
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
-
-- Application Administrator
-- Application Developer
-- Cloud Application Administrator
-- Directory Writers
-- Privileged Role Administrator
-- User Administrator
-- Directory Readers
-- Global Reader
-- Directory Synchronization Accounts - for Microsoft Entra Connect and Microsoft Entra Cloud Sync services
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Directory Readers
+> - Global Reader
+> - Application Developer
+> - Directory Writers
+> - Cloud Application Administrator
+> - Application Administrator
+> - Privileged Role Administrator
+> - User Administrator
+> - Directory Synchronization Accounts - for Microsoft Entra Connect and Microsoft Entra Cloud Sync services

api-reference/beta/includes/rbac-for-apis/rbac-oauth2permissiongrant-users-apis-read.md

@@ -3,14 +3,16 @@ author: psignoret
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Guest Inviter
+> - Global Reader
+> - Directory Readers
+> - Application Developer
+> - Directory Writers
+> - Cloud Application Administrator
+> - Application Administrator
+> - Privileged Role Administrator
+> - User Administrator
 
-- Application Administrator
-- Application Developer
-- Cloud Application Administrator
-- Directory Writers
-- Privileged Role Administrator
-- User Administrator
-- Directory Readers
-- Global Reader
-- Guest Inviter

api-reference/v1.0/includes/rbac-for-apis/rbac-oauth2permissiongrant-apis-read.md

@@ -3,7 +3,14 @@ author: psignoret
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
-
-- Directory Readers
-- Global Reader
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Global Reader
+> - Directory Readers
+> - Application Administrator
+> - Application Developer
+> - Cloud Application Administrator
+> - Directory Writers
+> - User Administrator
+> - Privileged Role Administrator

api-reference/v1.0/includes/rbac-for-apis/rbac-oauth2permissiongrant-apis-write.md

@@ -3,11 +3,11 @@ author: psignoret
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
-
-- Application Administrator
-- Application Developer
-- Cloud Application Administrator
-- Directory Writers
-- Privileged Role Administrator
-- User Administrator
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Application Developer
+> - Cloud Application Administrator
+> - Directory Writers
+> - User Administrator
+> - Privileged Role Administrator

api-reference/v1.0/includes/rbac-for-apis/rbac-oauth2permissiongrant-serviceprincipal-apis-read.md

@@ -3,14 +3,15 @@ author: psignoret
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
-
-- Application Administrator
-- Application Developer
-- Cloud Application Administrator
-- Directory Writers
-- Privileged Role Administrator
-- User Administrator
-- Directory Readers
-- Global Reader
-- Directory Synchronization Accounts - for Microsoft Entra Connect and Microsoft Entra Cloud Sync services
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Directory Readers
+> - Global Reader
+> - Application Developer
+> - Directory Writers
+> - Cloud Application Administrator
+> - Application Administrator
+> - Privileged Role Administrator
+> - User Administrator
+> - Directory Synchronization Accounts - for Microsoft Entra Connect and Microsoft Entra Cloud Sync services

api-reference/v1.0/includes/rbac-for-apis/rbac-oauth2permissiongrant-users-apis-read.md

@@ -3,14 +3,15 @@ author: psignoret
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
-
-- Application Administrator
-- Application Developer
-- Cloud Application Administrator
-- Directory Writers
-- Privileged Role Administrator
-- User Administrator
-- Directory Readers
-- Global Reader
-- Guest Inviter
+> [!IMPORTANT]
+> 
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation:
+> - Guest Inviter
+> - Global Reader
+> - Directory Readers
+> - Application Developer
+> - Directory Writers
+> - Cloud Application Administrator
+> - Application Administrator
+> - Privileged Role Administrator
+> - User Administrator