ℹ️ Info
Druva uses .ReadWrite.All to create, read, or update data in Microsoft Entra ID.
Druva uses .Read.All to read data from Microsoft Entra ID.
ObjectName/API | API permissions | Permission type | Usage |
Users | User.ReadWrite.All
User.Read.All | Application | To backup and restore user objects |
groups | Group.ReadWrite.All
Group.Read.All
GroupMember.ReadWrite.Al | Application | To backup and restore group objects and their members/owners |
applications | Application.ReadWrite.All Application.Read.All | Application | To backup and restore application objects and their members/owners |
servicePrincipals | Application.ReadWrite.All Application.Read.All
AppRoleAssignment.ReadWrite.All | Application | To backup and restore enterprise applications objects and their members/owners |
devices | Device.Read.All | Application | To backup device objects and their owners |
directoryRole | RoleManagement.ReadWrite.Directory,
RoleManagement.Read.Directory | Application | To backup inbuilt directory roles and their assignments/members |
Custom Roles | RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory | Application | To backup and restore custom roles and their assignments/members (P2/E3/E5 license is required) |
User Setting(Authorization Policy) | Policy.Read.All, Policy.ReadWrite.Authorization | Application | To backup and update user settings |
TenantSetting | Directory.Read.All Policy.ReadWrite.SecurityDefaults, DeviceManagementServiceConfig.Read.All DeviceManagementServiceConfig.ReadWrite.All, Organization.ReadWrite.All | Application | To backup and update tenant settings, getting company branding, organization information |