Weekly Permissions sync 2025-12-13 #1378
Conversation
There was a problem hiding this comment.
Pull request overview
This PR performs a weekly permissions synchronization that adds new Copilot package management permissions and updates their provisioning configuration. The changes enable delegated and application-level access to read and manage Copilot packages through the Microsoft Graph API.
- Adds two new permission scopes:
CopilotPackages.Read.AllandCopilotPackages.ReadWrite.All - Populates previously empty permission IDs and enables visibility for delegated work schemes
- Configures API paths and HTTP methods for package catalog operations
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| permissions/new/provisioningInfo.json | Populates permission IDs for CopilotPackages permissions, enables delegated work schemes (isHidden=false, isEnabled=true), and keeps application schemes hidden/disabled |
| permissions/new/permissions.json | Defines complete permission structures for CopilotPackages.Read.All and CopilotPackages.ReadWrite.All with delegation schemes, API paths (/copilot/admin/catalog/packages), HTTP methods, and ownership information |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "schemes": { | ||
| "DelegatedWork": { | ||
| "adminDisplayName": "Read all packages information", | ||
| "adminDescription": "Allows the user to read the packages information", |
There was a problem hiding this comment.
Inconsistency between adminDescription and userDescription: The admin description says "Allows the user to read the packages information" (singular "user"), but the user description says "Allows the app to read packages information." These descriptions should be consistent in their phrasing. Consider updating the adminDescription to match the pattern used in userDescription, for example: "Allows the app to read the packages information on behalf of the signed-in user."
| "schemes": { | ||
| "DelegatedWork": { | ||
| "adminDisplayName": "Read and update all packages information", | ||
| "adminDescription": "Allows the user to read and update the packages information", |
There was a problem hiding this comment.
Inconsistency between adminDescription and userDescription: The admin description says "Allows the user to read and update the packages information" (singular "user"), but the user description says "Allows the app to read and update packages information." These descriptions should be consistent in their phrasing. Consider updating the adminDescription to match the pattern used in userDescription, for example: "Allows the app to read and update the packages information on behalf of the signed-in user."
| "methods": [ | ||
| "GET", | ||
| "POST" | ||
| ], |
There was a problem hiding this comment.
The permission description mentions "read and update packages information," but the HTTP methods only include GET and POST. Typically, update operations require PATCH or PUT methods (as seen in other similar ReadWrite permissions like AuthenticationContext.ReadWrite.All which includes DELETE, PATCH, and PUT). Consider adding PATCH, PUT, or DELETE to the methods array if package information needs to be updated or deleted, or clarify in the description that only creation (POST) and reading (GET) are supported.
Weekly Permissions sync 2025-12-13