Admin consent question

Copper Contributor

I will need to use some Graph scopes that require admin consent so user consent is basically out of the question. While testing this, I have found that as a non-admin user, I request Policy.Read.All (for example) which requires admin consent. Once the admin grants that access, I can see it listed...

Admin_t5r2c_0-1707070449249.png

This is all fine but what I have seen is that if I login as a different non-admin user and query something that needs Policy.Read.All, then it will succeed without asking for consent again. So if the admin consents to a permission/scope one time, does that mean the app is now stamped with that permission and anybody can just use it? That is what I am seeing unless I use "Assignment required" in the app...

Admin_t5r2c_1-1707070665033.png

 

I've read plenty of documentation but the answer isn't clear to me. If an admin grants admin consent, then is that app now authorized to make these admin consent calls regardless of whatever non-admin user is signing in and using it? 

0 Replies