Forum Discussion
Granting App ability to change group memberships by making it an owner?
Hello, We'd like an app to be able to control memberships of only certain security groups using app-based authentication. Today it is documented that a GroupMember.ReadWrite.All role is needed...
I don't recall ever seeing a mention in the documentation about any scenario in which the app/service principal is assigned as an owner of another object, say a group or another SP... as long as it works for your use case, go for it. The alternative would be to try to scope the permissions via Administrtive units, which is still subject to tons of limitations.