Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

3
User.ReadWite.All & b2c ownership
Post Flair (click to view more posts with a particular flair)
Post Body

We have a few B2C tenants and at a pretty high level I am being asked to provide users with User.ReadWite.All permissions. While I'm ok giving this to an application that has its code reviewed by an administrator, I'm not real keen on letting non-administrator type individuals have this right.

Its my impression that having that permission would allow those users to do things like delete owners of the subscription, if not thousands of b2c users. While I can accept if the developers screwed up and it deleted all the users of their application, I can't accept that the b2c can't be used anymore because owners have been deleted or had their passwords reset or something.

I couldn't find anything about this, but I'm *hoping* that owners of the b2c would be immune from that permission, so if I gave it, I wouldn't have to worry about losing control over it.

The developers (MS consultants) are requesting this access to change a custom extension attribute on b2c users.

Thanks for any insight, just trying to do the right thing from a security and process perspective.

Author
Account Strength
100%
Account Age
13 years
Verified Email
Yes
Verified Flair
No
Total Karma
47,247
Link Karma
400
Comment Karma
46,430
Profile updated: 5 days ago
Posts updated: 14 hours ago

Subreddit

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
11 months ago