We have a few B2C tenants and at a pretty high level I am being asked to provide users with User.ReadWrite.All permissions. While I'm ok giving this to an application that has its code reviewed by an administrator, I'm not real keen on letting non-administrator type individuals have this right.
It's my impression that having that permission would allow those users to do things like delete owners of the subscription, if not thousands of b2c users. While I can accept if the developers screwed up and it deleted all the users of their application, I can't accept that the b2c can't be used anymore because owners have been deleted or had their passwords reset or something.
I couldn't find anything about this, but I'm *hoping* that owners of the b2c would be immune from that permission, so if I gave it, I wouldn't have to worry about losing control over it.
The developers (MS consultants) are requesting this access to change a custom extension attribute on b2c users.
Thanks for any insight, just trying to do the right thing from a security and process perspective.