Reducing the Assigned Permissions
After onboarding is complete and learning mode is done, you may remove the following permissions from the Avanan application:
|
Permissions |
Claim Value |
|---|---|
|
Read and write all directory RBAC settings |
RoleManagement.ReadWrite.Directory |
|
Read and write domains |
Domain.ReadWrite.All |
Note:
Do not remove the corresponding read-only permissions of these applications (Read domains and Read all directory RBAC settings).
If Avanan is onboarded before March 2026 and do not reauthorize it, the application may still include the AD Graph API permission (Directory.ReadWrite.All). This permission is no longer required, and you can remove it.