Role ID Purpose Description
User.EnableDisableAccount.All 3011c876-62b7-4ada-afa2-506cbbecc68c Enable and disable user accounts Allows the app to enable and disable users’ accounts, without a signed-in user.
User.Export.All 405a51b5-8d8d-430b-9842-8be4b0e9f324 Export user’s data Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user (e.g. a Company Administrator).
User.Invite.All 09850681-111b-4a89-9bed-3f2cae46d706 Invite guest users to the organization Allows the app to invite guest users to the organization, without a signed-in user.
User.ManageIdentities.All c529cfca-c91b-489c-af2b-d92990b66ce6 Manage all users’ identities Allows the app to read, update and delete identities that are associated with a user’s account, without a signed in user. This controls the identities users can sign-in with.
User.Read.All df021288-bdef-4463-88db-98f22de89214 Read all users’ full profiles Allows the app to read user profiles without a signed in user.
User.ReadBasic.All 97235f07-e226-4f63-ace3-39588e11d3a1 Read all users’ basic profiles Allows the app to read a basic set of profile properties of other users in your organization without a signed-in user. Includes display name, first and last name, email address, open extensions, and photo.
User.ReadWrite.All 741f803b-c850-494e-b5df-cde7c675a1ca Read and write all users’ full profiles Allows the app to read and update user profiles without a signed in user.