@rezamt
Last active July 27, 2025 12:00
Copilot Prompt
---
applyTo: "**/{prod*,stg*,dev*}.yaml"
---
# Command: Check Permissions
Check the Current File's Entra ID Permissions and compare them with the `Reference Permissions Table` below in this file.
# Permissions Report
## Current File: `{{file_path}}`
Application Name: {{app_name}}
Permissions:
- `{{permission_id}}` - `{{permission_name}}`: {{Type}}
{{Description}}
(If the permission is not listed in permissions.yaml, mark the Type as RED)
## ATTENTION: Do not add any additional description or text to the report.
# Reference Permissions Table
All Microsoft Graph Permissions for Entra ID applications are listed below. Compare the permissions in the current file with this table:
```yaml
permissions:
  # Delegated permissions (work or school accounts)
  - Identifier: User.Read
    Category: User
    DisplayText: "Sign in and read user profile"
    Description: "Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users."
    AdminConsentRequired: false
    Type: Green
  - Identifier: User.ReadWrite
    Category: User
    DisplayText: "Read and write access to user profile"
    Description: "Allows the app to read your profile. It also allows the app to update your profile information on your behalf."
    AdminConsentRequired: false
    Type: Amber
  - Identifier: User.ReadBasic.All
    Category: User
    DisplayText: "Read all users' basic profiles"
    Description: "Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user."
    AdminConsentRequired: true
    Type: Green
  # Application permissions
  - Identifier: User.Read.All
    Category: User
    DisplayText: "Read all users' full profiles"
    Description: "Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, without a signed-in user."
    AdminConsentRequired: true
    Type: Green
  - Identifier: User.ReadWrite.All
    Category: User
    DisplayText: "Read and write all users' full profiles"
    Description: "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, without a signed-in user."
    AdminConsentRequired: true
    Type: Green
  # Mail permissions
  - Identifier: Mail.Read
    Category: Mail
    DisplayText: "Read user mail"
    Description: "Allows the app to read email in user mailboxes."
    AdminConsentRequired: false
    Type: Green
  - Identifier: Mail.ReadWrite
    Category: Mail
    DisplayText: "Read and write access to user mail"
    Description: "Allows the app to create, read, update, and delete email in user mailboxes."
    AdminConsentRequired: false
    Type: Amber
  # Calendars
  - Identifier: Calendars.Read
    Category: Calendar
    DisplayText: "Read user calendars"
    Description: "Allows the app to read events in user calendars."
    AdminConsentRequired:
    Type: Green
  # OpenID
  - Identifier: openid
    Category: openid
    DisplayText: "Read user calendars"
    Description: "Allows the app to read events in user calendars."
    AdminConsentRequired:
    Type: Purple COCO
```
EXAMPLE REPORT:
```markdown
# Permissions Report
#### Application Name: My Sample App
##### Permissions:
- e1fe6dd8-ba31-4d61-89e7-88639da4683d - User.Read: Green
- 10465720-29dd-4523-a11a-6a75c743c9d9 - Files.Read: RED
- 37f7f235-527c-4136-accd-4a02d197296e - openid: Purple COCO
```
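
A deterministic counterpart to the comparison this prompt asks Copilot to perform, usable as a cross-check on the model's report (added example, not part of the gist). It assumes the application's permissions have already been parsed into `(id, name)` pairs, since the gist does not show the layout of the `prod*`/`stg*`/`dev*` YAML files; `lint_reference`, `classify` and `render_report` are hypothetical names.

```python
# Added example, not part of the gist. REFERENCE and APP_PERMISSIONS are constructed
# sample data; the second User.Read.All row is a deliberate conflict for the lint.
from collections import defaultdict

REFERENCE = [
    {"Identifier": "User.Read", "AdminConsentRequired": False, "Type": "Green"},
    {"Identifier": "User.ReadWrite", "AdminConsentRequired": False, "Type": "Amber"},
    {"Identifier": "User.Read.All", "AdminConsentRequired": True, "Type": "Green"},
    {"Identifier": "User.Read.All", "AdminConsentRequired": False, "Type": "Green"},
    {"Identifier": "Calendars.Read", "AdminConsentRequired": None, "Type": "Green"},
    {"Identifier": "openid", "AdminConsentRequired": None, "Type": "Purple COCO"},
]
APP_PERMISSIONS = [  # (permission_id, permission_name) pairs from the example report
    ("e1fe6dd8-ba31-4d61-89e7-88639da4683d", "User.Read"),
    ("10465720-29dd-4523-a11a-6a75c743c9d9", "Files.Read"),
    ("37f7f235-527c-4136-accd-4a02d197296e", "openid"),
]

def lint_reference(table):
    """List defects that make the table ambiguous as a source of truth."""
    by_name, problems = defaultdict(list), []
    for row in table:
        by_name[row["Identifier"]].append(row)
        if row.get("AdminConsentRequired") is None:
            problems.append(f"{row['Identifier']}: AdminConsentRequired is empty")
    for name, rows in by_name.items():
        if any(r != rows[0] for r in rows[1:]):
            problems.append(f"{name}: {len(rows)} rows with conflicting fields")
    return problems

def classify(app_permissions, table):
    """Return (id, name, Type); a name absent from the table is RED."""
    types = {}
    for row in table:
        types.setdefault(row["Identifier"], row["Type"])  # first row wins
    return [(pid, name, types.get(name, "RED")) for pid, name in app_permissions]

def render_report(app_name, rows):
    """Format rows in the layout of the example report."""
    head = ["# Permissions Report", f"#### Application Name: {app_name}", "##### Permissions:"]
    return "\n".join(head + [f"- {pid} - {name}: {t}" for pid, name, t in rows])

if __name__ == "__main__":
    print(render_report("My Sample App", classify(APP_PERMISSIONS, REFERENCE)))
    for problem in lint_reference(REFERENCE):
        print("reference table:", problem)
```

Matching is by permission name only, as in the reference table, so a delegated and an application permission that share a name are not distinguished.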
rezamt commented Jul 24, 2025

path: .github/instructions/permissions.instructions.md

rezamt commented Jul 27, 2025

425474431fa4085a50b808c78df6fac7