Permissions & Roles
Before you run the EasyLife 365 Identity, it's important to understand the access requirements and permission structures involved.
All users who have been granted access to the EasyLife 365 Identity through Microsoft Entra ID are provided read access to enterprise applications and app registrations. Depending on the roles assigned to a user, they may also be authorized to make modifications to these applications directly via the app.
Built-in Roles and Their Permissions
The ability to modify apps in the environment is determined by the user's assigned role. The following table outlines the built-in Microsoft Entra ID roles that grant varying levels of access—listed from most to least privileged:
| Role | Permissions |
|---|---|
| Global Administrator | Full control over all aspects of Microsoft Entra ID and all Microsoft services using Entra identities. |
| Application Administrator | Can create and manage all aspects of app registrations and enterprise applications. |
| Cloud Application Administrator | Can manage app registrations and enterprise apps, excluding App Proxy configuration. |
| Application Developer | Can create app registrations, regardless of the 'Users can register applications' directory setting. |
If none of these roles meet your specific requirements, you can also define a custom Entra ID role that includes the exact permissions needed for your environment and security model.
Fine-Grained Access Control
For scenarios where more detailed access control is necessary, Microsoft Entra ID offers two additional delegation mechanisms:
App Owner Assignment
You can assign users as app owners, granting them administrative capabilities for specific app registrations or enterprise applications. App owners can manage the app independently, much like administrators, but limited to the scope of the specific application they own.
Sponsor Feature
The sponsor feature allows you to grant select users limited modification rights over specific apps. Sponsors can be authorized to perform only designated actions, offering a high level of control and accountability when delegating permissions.