ChrisStylianou
Jun 13, 2023 | Copper Contributor
Status: New
Provided "OwnedBy" permissions for Groups and GroupMember
Today, when a service principal is an owner of a group, certain functionality using the MS Graph works with no additional grants, such as add/remove member and get a group's specific detail. However i...
VlijmenFileer
Aug 10, 2024 | Brass Contributor
I was also searching for an added permission "Group.ReadWrite.OwnedBy".
However, in line with the existing Application.ReadWrite.OwnedBy, it should specifically also enable the holder to create a new Group while immediately becoming Owner.
I think that aspect of automatically becoming Owner is the core of that permission. It enables delegation of creation AND management of Groups, without handing out the extremely sensitive permission to modify or remove all Groups in the tenant.
I would say this is a highly coveted permission; it would be great if it could be added. An added bonus would be if it could be split into Security Group and M365 Group creation. That is, however, more a practical consideration than a security or governance one.