||Read all applications
||Allows the app to read all applications and service principals without a signed-in user.
||Read and write all applications
||Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants.
||Manage apps that this app creates or owns
||Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user. It cannot update any apps that it is not an owner of.