Permissions fixes - get/check member objects/groups

Author: FaithOmbongi

api-reference/beta/api/directoryobject-checkmembergroups.md

@@ -31,6 +31,14 @@ One of the following permissions is required to call this API. To learn more, in
 | Delegated (personal Microsoft account) | Not supported.                                        |
 | Application                            | User.Read.All, Directory.Read.All                     |
 
+### Group memberships for the signed-in user
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+| Permission type | Permissions (from least to most privileged) |
+|:-|:-|
+| Delegated (work or school account) | User.Read, User.ReadBasic.All, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Not supported. |
+
 ### Group memberships for a user
 <!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 | Permission type | Permissions (from least to most privileged) |
@@ -59,18 +67,6 @@ One of the following permissions is required to call this API. To learn more, in
 <!-- { "blockType": "permissions", "name": "directoryobject_checkmembergroups_5" } -->
 [!INCLUDE [permissions-table](../includes/permissions/directoryobject-checkmembergroups-5-permissions.md)]
 
-<!--
-The following table lists the permission types to use for different scenarios.
-
-| Scenario | Permissions |
-|:-|:-|
-| To get group memberships for the signed-in user | Use one of the following sets of permissions: <br/> <li> **User.Read** and **GroupMember.Read.All** <li>**User.Read** and **Group.Read.All** |
-| To get group memberships for any user | Use one of the following sets of permissions: <br/> <li> **User.ReadBasic.All** and **GroupMember.Read.All** <li>**User.Read.All** and **GroupMember.Read.All** <li>**User.ReadBasic.All** and **Group.Read.All** <li>**User.Read.All** and **Group.Read.All** |
-| To get group memberships for a group | Use either the **GroupMember.Read.All** or **Group.Read.All** permission. |
-| To get group memberships for a service principal | Use one of the following sets of permissions <br/> <li>**Application.ReadWrite.All** and **GroupMember.Read.All** <li>**Application.ReadWrite.All** and **Group.Read.All** |
-| To get group memberships for a directory object | Use the **Directory.Read.All** permission. |
--->
-
 ## HTTP request
 
 Group memberships for a directory object (user, group, service principal, or organizational contact).
@@ -79,10 +75,15 @@ Group memberships for a directory object (user, group, service principal, or org
 POST /directoryObjects/{id}/checkMemberGroups
 ```
 
-Group memberships for the signed-in user or other users.
+Group memberships for the signed-in user.
 <!-- { "blockType": "ignored" } -->
 ```http
 POST /me/checkMemberGroups
+```
+
+Group memberships for other users.
+<!-- { "blockType": "ignored" } -->
+```http
 POST /users/{id | userPrincipalName}/checkMemberGroups
 ```
 

api-reference/beta/api/directoryobject-checkmemberobjects.md

@@ -30,12 +30,20 @@ One of the following permissions is required to call this API. To learn more, in
 |Delegated (personal Microsoft account) | Not supported.    |
 |Application | Directory.Read.All |
 
-### Memberships for a user
+### Memberships for the signed-in user
 <!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 |Permission type      | Permissions (from least to most privileged)              |
 |:--------------------|:---------------------------------------------------------|
 |Delegated (work or school account) | User.Read, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All    |
 |Delegated (personal Microsoft account) | Not supported.    |
+|Application | Not supported. |
+
+### Memberships for other users
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+|Permission type      | Permissions (from least to most privileged)              |
+|:--------------------|:---------------------------------------------------------|
+|Delegated (work or school account) | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All    |
+|Delegated (personal Microsoft account) | Not supported.    |
 |Application | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
 
 ### Memberships for a group
@@ -80,13 +88,19 @@ Memberships for a directory object.
 POST /directoryObjects/{id}/checkMemberObjects
 ```
 
-Memberships for a user.
+Memberships for the signed-in user.
 <!-- { "blockType": "ignored" } -->
 ```http
 POST /me/checkMemberObjects
 POST /users/{id | userPrincipalName}/checkMemberObjects
 ```
 
+Memberships for other users.
+<!-- { "blockType": "ignored" } -->
+```http
+POST /users/{id | userPrincipalName}/checkMemberObjects
+```
+
 Memberships for a group.
 <!-- { "blockType": "ignored" } -->
 ```http

api-reference/beta/api/user-list-memberof.md

@@ -24,12 +24,12 @@ Choose the permission or permissions marked as least privileged for this API. Us
 
 ### Permissions for the signed-in user's direct memberships
 
-<!-- { "blockType": "permissions", "name": "user_list_memberof" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/user-list-memberof-permissions.md)]
 
 ### Permissions for another user's direct memberships
 
-<!-- { "blockType": "permissions", "name": "user_list_memberof_2" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/user-list-memberof-2-permissions.md)]
 
 [!INCLUDE [limited-info](../../includes/limited-info.md)]

api-reference/beta/api/user-list-transitivememberof.md

@@ -24,12 +24,12 @@ Choose the permission or permissions marked as least privileged for this API. Us
 
 ### Permissions for the signed-in user's memberships
 
-<!-- { "blockType": "permissions", "name": "user_list_transitivememberof" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/user-list-transitivememberof-permissions.md)]
 
 ### Permissions for another user's memberships
 
-<!-- { "blockType": "permissions", "name": "user_list_transitivememberof_2" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/user-list-transitivememberof-2-permissions.md)]
 
 [!INCLUDE [limited-info](../../includes/limited-info.md)]

api-reference/beta/includes/permissions/user-list-memberof-2-permissions.md

@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 
 |Permission type|Least privileged permissions|Higher privileged permissions|
 |:---|:---|:---|
-|Delegated (work or school account)|User.Read|Directory.Read.All, Directory.ReadWrite.All, GroupMember.Read.All|
+|Delegated (work or school account)|User.Read.All|Directory.Read.All, Directory.ReadWrite.All, GroupMember.Read.All|
 |Delegated (personal Microsoft account)|Not supported.|Not supported.|
 |Application|Directory.Read.All|Directory.ReadWrite.All|
 

api-reference/beta/includes/permissions/user-list-transitivememberof-2-permissions.md

@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 
 |Permission type|Least privileged permissions|Higher privileged permissions|
 |:---|:---|:---|
-|Delegated (work or school account)|User.Read|Directory.Read.All, Directory.ReadWrite.All, Group.Read.All, GroupMember.Read.All, User.Read.All|
+|Delegated (work or school account)|User.Read.All|Directory.Read.All, Directory.ReadWrite.All, Group.Read.All, GroupMember.Read.All|
 |Delegated (personal Microsoft account)|Not supported.|Not supported.|
 |Application|User.Read.All|Directory.Read.All, Directory.ReadWrite.All, Group.Read.All, GroupMember.Read.All|
 

api-reference/v1.0/api/directoryobject-checkmembergroups.md

@@ -28,7 +28,16 @@ You can check up to a maximum of 20 groups per request. This function supports a
 |Delegated (personal Microsoft account) | Not supported.    |
 |Application | User.Read.All and GroupMember.Read.All, User.Read.All and Group.Read.All, Directory.Read.All |
 
-### Group memberships for a user
+### Group memberships for the signed-in user
+
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+|Permission type      | Permissions (from least to most privileged)              |
+|:--------------------|:---------------------------------------------------------|
+|Delegated (work or school account) | User.Read, User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All    |
+|Delegated (personal Microsoft account) | Not supported.    |
+|Application | Not supported. |
+
+### Group memberships for other users
 
 <!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 |Permission type      | Permissions (from least to most privileged)              |
@@ -69,22 +78,6 @@ You can check up to a maximum of 20 groups per request. This function supports a
 <!-- { "blockType": "permissions", "name": "directoryobject_checkmembergroups_6" } -->
 [!INCLUDE [permissions-table](../includes/permissions/directoryobject-checkmembergroups-6-permissions.md)]
 
-<!--
-
-Use the follow scenario guidance to help determine which permission types to use:
-
-| Scenario | Permissions to use |
-|:-|:-|
-| To get group memberships for the signed-in user | Use one of the following sets of permissions: <br/> <li> **User.Read** and **GroupMember.Read.All** <li>**User.Read** and **Group.Read.All** |
-| To get group memberships for any user | Use one of the following sets of permissions: <br/> <li> **User.ReadBasic.All** and **GroupMember.Read.All** <li>**User.Read.All** and **GroupMember.Read.All** <li>**User.ReadBasic.All** and **Group.Read.All** <li>**User.Read.All** and **Group.Read.All** |
-| To get group memberships for a group | Use either the **GroupMember.Read.All** or **Group.Read.All** permission. |
-| To get group memberships for a directory object | Use the **Directory.Read.All** permission. |
-
-<!-- These tables will replace the data in lines 22-36 to help with the tooling that parses permissions tables.
-+ Current data is copy-pasted from incorrect files/file names
-+ To validate these permissions against lines 32-36
--->
-
 ## HTTP request
 
 Group memberships for a directory object (user, group, service principal, or organizational contact).
@@ -93,10 +86,15 @@ Group memberships for a directory object (user, group, service principal, or org
 POST /directoryObjects/{id}/checkMemberGroups
 ```
 
-Group memberships for the signed-in user or other users.
+Group memberships for the signed-in user.
 <!-- { "blockType": "ignored" } -->
 ```http
 POST /me/checkMemberGroups
+```
+
+Group memberships for other users.
+<!-- { "blockType": "ignored" } -->
+```http
 POST /users/{id | userPrincipalName}/checkMemberGroups
 ```
 

api-reference/v1.0/api/directoryobject-checkmemberobjects.md

@@ -28,7 +28,15 @@ One of the following permissions is required to call this API. To learn more, in
 |Delegated (personal Microsoft account) | Not supported.    |
 |Application | Directory.Read.All |
 
-### Memberships for a user
+### Memberships for the signed-in user
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+|Permission type      | Permissions (from least to most privileged)              |
+|:--------------------|:---------------------------------------------------------|
+|Delegated (work or school account) | User.Read, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All    |
+|Delegated (personal Microsoft account) | Not supported.    |
+|Application | Not supported. |
+
+### Memberships for other users
 <!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 |Permission type      | Permissions (from least to most privileged)              |
 |:--------------------|:---------------------------------------------------------|
@@ -78,10 +86,15 @@ Memberships for a directory object.
 POST /directoryObjects/{id}/checkMemberObjects
 ```
 
-Memberships for a user.
+Memberships for the signed-in user.
 <!-- { "blockType": "ignored" } -->
 ```http
 POST /me/checkMemberObjects
+```
+
+Memberships for other users.
+<!-- { "blockType": "ignored" } -->
+```http
 POST /users/{id | userPrincipalName}/checkMemberObjects
 ```
 

api-reference/v1.0/api/user-list-memberof.md

@@ -22,12 +22,12 @@ Choose the permission or permissions marked as least privileged for this API. Us
 
 ### Permissions for the signed-in user's direct memberships
 
-<!-- { "blockType": "permissions", "name": "user_list_memberof" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/user-list-memberof-permissions.md)]
 
 ### Permissions for another user's direct memberships
 
-<!-- { "blockType": "permissions", "name": "user_list_memberof_2" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/user-list-memberof-2-permissions.md)]
 
 [!INCLUDE [limited-info](../../includes/limited-info.md)]

api-reference/v1.0/api/user-list-transitivememberof.md

@@ -22,12 +22,12 @@ Choose the permission or permissions marked as least privileged for this API. Us
 
 ### Permissions for the signed-in user's memberships
 
-<!-- { "blockType": "permissions", "name": "user_list_transitivememberof" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/user-list-transitivememberof-permissions.md)]
 
 ### Permissions for another user's memberships
 
-<!-- { "blockType": "permissions", "name": "user_list_transitivememberof_2" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/user-list-transitivememberof-2-permissions.md)]
 
 [!INCLUDE [limited-info](../../includes/limited-info.md)]