@@ -27,7 +27,7 @@ function Set-AppRolesIfNeeded {
2727 [Guid ] $TenantId
2828 )
2929 Write-Verbose " Set-AppRolesIfNeeded starting..."
30-
30+
3131 $scriptsDirectory = Split-Path $PSScriptRoot - Parent
3232 . ($scriptsDirectory + ' \Scripts\Install-AzModuleIfNeeded.ps1'
3333 Install-AzModuleIfNeeded
@@ -38,10 +38,19 @@ function Set-AppRolesIfNeeded {
3838
3939 [String []]$memberTypes = " User" , " Application"
4040
41- $jobCreatorRole = @ {
42- DisplayName = " Job Creator"
43- Description = " Can create jobs and have access to the Membership Management page."
44- Value = " Job.Create"
41+ $jobOwnerReaderRole = @ {
42+ DisplayName = " Job Reader"
43+ Description = " Can read owned destinations in the tenant."
44+ Value = " Job.Read.OwnedBy"
45+ Id = [Guid ]::NewGuid().ToString()
46+ IsEnabled = $True
47+ AllowedMemberTypes = @ ($memberTypes )
48+ }
49+
50+ $jobOwnerWriterRole = @ {
51+ DisplayName = " Job Writer"
52+ Description = " Can create, view, and update owned destinations in the tenant."
53+ Value = " Job.ReadWrite.OwnedBy"
4554 Id = [Guid ]::NewGuid().ToString()
4655 IsEnabled = $True
4756 AllowedMemberTypes = @ ($memberTypes )
@@ -92,13 +101,14 @@ function Set-AppRolesIfNeeded {
92101 AllowedMemberTypes = @ ($memberTypes )
93102 }
94103
95- $newAppRoles = @ ($jobCreatorRole ,
96- $jobTenantReaderRole ,
97- $jobTenantWriterRole ,
98- $submissionReviewerRole ,
99- $hyperlinkAdministratorRole ,
100- $customMembershipProviderAdministratorRole
101- )
104+ $newAppRoles = @ ($jobOwnerReaderRole ,
105+ $jobOwnerWriterRole ,
106+ $jobTenantReaderRole ,
107+ $jobTenantWriterRole ,
108+ $submissionReviewerRole ,
109+ $hyperlinkAdministratorRole ,
110+ $customMembershipProviderAdministratorRole
111+ )
102112
103113 $currentAppRoles = $WebApiApp.AppRole
104114
0 commit comments