From 45fe26497dc380c8461481fae571dd7e60b9bf64 Mon Sep 17 00:00:00 2001 From: Ryan Royals <47660394+ryan-royals@users.noreply.github.com> Date: Wed, 6 Sep 2023 14:30:04 +0930 Subject: [PATCH 1/2] Update group.md --- docs/resources/group.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/group.md b/docs/resources/group.md index 2f9fdba85a..ef8a78a1c6 100644 --- a/docs/resources/group.md +++ b/docs/resources/group.md @@ -14,7 +14,7 @@ When authenticated with a service principal, this resource requires one of the f Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`. -If using the `assignable_to_role` property, this resource additionally requires one of the following application roles: `RoleManagement.ReadWrite.Directory` or `Directory.ReadWrite.All` +If using the `assignable_to_role` property, this resource additionally requires both of the following application roles: `RoleManagement.ReadWrite.Directory` and `Directory.ReadWrite.All` If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All` From 3ef98ac721b047ed754738d27afff6cd8493f9c9 Mon Sep 17 00:00:00 2001 From: Tom Bamford Date: Wed, 8 May 2024 18:41:44 +0100 Subject: [PATCH 2/2] only `RoleManagement.ReadWrite.Directory` is needed to set `isAssignableToRole` --- docs/resources/group.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/group.md b/docs/resources/group.md index ef8a78a1c6..718355b833 100644 --- a/docs/resources/group.md +++ b/docs/resources/group.md 
@@ -14,7 +14,7 @@ When authenticated with a service principal, this resource requires one of the f Alternatively, if the authenticated service principal is also an owner of the group being managed, this resource can use the application role: `Group.Create`. -If using the `assignable_to_role` property, this resource additionally requires both of the following application roles: `RoleManagement.ReadWrite.Directory` and `Directory.ReadWrite.All` +If using the `assignable_to_role` property, this resource additionally requires the `RoleManagement.ReadWrite.Directory` application role. If specifying owners for a group, which are user principals, this resource additionally requires one of the following application roles: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`
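Review bot: in PATCH 1/2, the `assignable_to_role` sentence now makes `Directory.ReadWrite.All` mandatory alongside `RoleManagement.ReadWrite.Directory`, but the subject line "Update group.md" gives no reason for tightening "one of ... or" to "both ... and". `Directory.ReadWrite.All` is a broad directory-wide write role, and readers will grant whatever this sentence lists. The commit message should state what failed with a single role, so the requirement can be checked before it is documented. As a style point, the added sentence ends without a full stop.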
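Review bot: in PATCH 2/2, the rewritten `assignable_to_role` sentence drops `Directory.ReadWrite.All` without saying whether a service principal that was granted it under the previous "both ... and" wording can now have it removed. Suggest adding a short clause such as "`Directory.ReadWrite.All` is not required for this property", so operators who followed the earlier text know they can reduce the grant. The subject line refers to `isAssignableToRole` while the documentation uses `assignable_to_role`; naming both in the commit message would make the mapping explicit. The new sentence ends with a full stop but the unchanged "If specifying owners ..." sentence below it does not, so the punctuation in this block could be aligned.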