Forum Discussion
app registrations - any way to prevent owners from changing / adding API permissions
We would like to allow owners to update their client secrets / certs but prevent them from modifying or adding API permissions. Is there a way to modify the default app registration owner role to do...
No, it's not specific to enterprise apps, and you can scope it down to individual app/SP if needed. Follow the references in the above article for more details.
You have to manually add each app as needed though, there is no "dynamic" scope of "all apps I own" that you can use, if that's what you mean.
You have to manually add each app as needed though, there is no "dynamic" scope of "all apps I own" that you can use, if that's what you mean.
Yeah, that's kind of what I'm getting at. App registration ownership allows app owners to basically do anything with SPs they own except grant admin consent. I want to prevent SP owners from doing certain things like modifying API permissions while allowing them to do other things like update their own certs / client secrets.
