Merge pull request #25508 from microsoftgraph/rbac-customsecurityattributes

Lauragra · web-flow · commit 8c832ae2a8bc · 2024-10-24T20:22:44.000-07:00
Entra admin roles - CSAs
diff --git a/api-reference/beta/api/allowedvalue-get.md b/api-reference/beta/api/allowedvalue-get.md
@@ -24,12 +24,12 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "allowedvalue_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/allowedvalue-get-permissions.md)]
 
-The signed-in user must also be assigned one of the following [directory roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
-
-+ Attribute Definition Reader
-+ Attribute Definition Administrator
-
-By default, Global Administrator and other administrator roles do not have permissions to read, define, or assign custom security attributes.
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following privileged roles are supported for this operation.
+> - Attribute Definition Reader
+> - Attribute Definition Administrator
+>
+> - By default, Global Administrator and other administrator roles do not have permissions to read, define, or assign custom security attributes.
 
 ## HTTP request
 
diff --git a/api-reference/beta/api/directory-list-customsecurityattributedefinitions.md b/api-reference/beta/api/directory-list-customsecurityattributedefinitions.md
@@ -24,13 +24,13 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "directory_list_customsecurityattributedefinitions" } -->
 [!INCLUDE [permissions-table](../includes/permissions/directory-list-customsecurityattributedefinitions-permissions.md)]
 
-The signed-in user must also be assigned one of the following [directory roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
-
-+ Attribute Definition Reader
-+ Attribute Assignment Administrator
-+ Attribute Definition Administrator
-
-By default, Global Administrator and other administrator roles do not have permissions to read, define, or assign custom security attributes.
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following privileged roles are supported for this operation.
+> - Attribute Definition Reader
+> - Attribute Assignment Administrator
+> - Attribute Definition Administrator
+>
+> By default, Global Administrator and other administrator roles do not have permissions to read, define, or assign custom security attributes.
 
 ## HTTP request
 
diff --git a/api-reference/beta/includes/rbac-for-apis/rbac-customsecurityattibutes-apis-definition-assignment-read.md b/api-reference/beta/includes/rbac-for-apis/rbac-customsecurityattibutes-apis-definition-assignment-read.md
@@ -3,11 +3,11 @@ author: CecilyK
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following privileged roles are supported for this operation.
-
-+ Attribute Assignment Reader
-+ Attribute Definition Reader
-+ Attribute Assignment Administrator
-+ Attribute Definition Administrator
-
-By default, *Global Administrator* and other administrator roles don't have permissions to read, define, or assign custom security attributes.
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following privileged roles are supported for this operation.
+> - Attribute Assignment Reader
+> - Attribute Definition Reader
+> - Attribute Assignment Administrator
+> - Attribute Definition Administrator
+>
+> By default, *Global Administrator* and other administrator roles don't have permissions to read, define, or assign custom security attributes.
diff --git a/api-reference/beta/includes/rbac-for-apis/rbac-customsecurityattibutes-apis-write.md b/api-reference/beta/includes/rbac-for-apis/rbac-customsecurityattibutes-apis-write.md
@@ -3,6 +3,7 @@ author: CecilyK
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. *Attribute Definition Administrator* is the only privileged role supported for this operation.
-
-By default, *Global Administrator* and other administrator roles don't have permissions to read, define, or assign custom security attributes.
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. *Attribute Definition Administrator* is the only privileged role supported for this operation.
+> 
+> By default, *Global Administrator* and other administrator roles don't have permissions to read, define, or assign custom security attributes.
diff --git a/api-reference/beta/includes/rbac-for-apis/rbac-customsecurityattibutes-audit-apis-read.md b/api-reference/beta/includes/rbac-for-apis/rbac-customsecurityattibutes-audit-apis-read.md
@@ -2,9 +2,10 @@
 author: rolyon
 ms.topic: include
 ---
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following privileged roles are supported for this operation.
 
-- Attribute Log Reader
-- Attribute Log Administrator
-
-By default, Global Administrator and other administrator roles do not have permissions to read custom security attribute audit logs.
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following privileged roles are supported for this operation.
+> - Attribute Log Reader
+> - Attribute Log Administrator
+> 
+> By default, Global Administrator and other administrator roles do not have permissions to read custom security attribute audit logs.
diff --git a/api-reference/v1.0/includes/rbac-for-apis/rbac-customsecurityattibutes-apis-definition-assignment-read.md b/api-reference/v1.0/includes/rbac-for-apis/rbac-customsecurityattibutes-apis-definition-assignment-read.md
@@ -3,11 +3,12 @@ author: CecilyK
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following privileged roles are supported for this operation.
-
-+ Attribute Assignment Reader
-+ Attribute Definition Reader
-+ Attribute Assignment Administrator
-+ Attribute Definition Administrator
-
-By default, *Global Administrator* and other administrator roles don't have permissions to read, define, or assign custom security attributes.
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following privileged roles are supported for this operation.
+>
+> - Attribute Assignment Reader
+> - Attribute Definition Reader
+> - Attribute Assignment Administrator
+> - Attribute Definition Administrator
+>
+> By default, *Global Administrator* and other administrator roles don't have permissions to read, define, or assign custom security attributes.
diff --git a/api-reference/v1.0/includes/rbac-for-apis/rbac-customsecurityattibutes-apis-write.md b/api-reference/v1.0/includes/rbac-for-apis/rbac-customsecurityattibutes-apis-write.md
@@ -3,6 +3,7 @@ author: CecilyK
 ms.topic: include
 ---
 
-In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. *Attribute Definition Administrator* is the only privileged role supported for this operation.
-
-By default, *Global Administrator* and other administrator roles don't have permissions to read, define, or assign custom security attributes.
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. *Attribute Definition Administrator* is the only privileged role supported for this operation.
+> 
+> By default, *Global Administrator* and other administrator roles don't have permissions to read, define, or assign custom security attributes.
