Merge pull request maester365#538 from magnusjak/Added-support-for-'R…

…oleManagement.ReadWrite.Directory'-privileged-role Added support for 'RoleManagement.ReadWrite.Directory' as privileged …
michaelmsonne · Dec 8, 2024 · 96739dc · 96739dc
2 parents cd49783 + 9b5b321
commit 96739dc
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 5 deletions.
diff --git a/powershell/public/Get-MtRoleMember.ps1 b/powershell/public/Get-MtRoleMember.ps1
@@ -79,7 +79,7 @@ function Get-MtRoleMember {
     if ($Active) {
       $types += @{active = "roleManagement/directory/roleAssignments" }
     }
-    if ($Eligible -and "RoleEligibilitySchedule.ReadWrite.Directory" -in $scopes) {
+    if ($Eligible -and ("RoleEligibilitySchedule.ReadWrite.Directory" -in $scopes -or "RoleManagement.ReadWrite.Directory" -in $scopes)) {
       $types += @{eligible = "roleManagement/directory/roleEligibilityScheduleRequests" }
     } elseif ($Eligible) {
       Write-Warning "Skipping eligible roles as required Graph permission 'RoleEligibilitySchedule.ReadWrite.Directory' was not present."

diff --git a/powershell/public/cis/Test-MtCisGlobalAdminCount.ps1 b/powershell/public/cis/Test-MtCisGlobalAdminCount.ps1
@@ -25,7 +25,7 @@ function Test-MtCisGlobalAdminCount {
     }
 
     $scopes = (Get-MgContext).Scopes
-    $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes
+    $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes -and "RoleManagement.ReadWrite.Directory" -notin $scopes
     if ($permissionMissing) {
         Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"
         return $null

diff --git a/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 b/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1
@@ -24,7 +24,7 @@ function Test-MtCisaCloudGlobalAdmin {
     }
 
     $scopes = (Get-MgContext).Scopes
-    $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes
+    $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes -and "RoleManagement.ReadWrite.Directory" -notin $scopes
     if($permissionMissing){
         Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"
         return $null

diff --git a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1
@@ -24,7 +24,7 @@ function Test-MtCisaGlobalAdminCount {
     }
 
     $scopes = (Get-MgContext).Scopes
-    $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes
+    $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes -and "RoleManagement.ReadWrite.Directory" -notin $scopes
     if($permissionMissing){
         Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"
         return $null

diff --git a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1
@@ -24,7 +24,7 @@ function Test-MtCisaGlobalAdminRatio {
     }
 
     $scopes = (Get-MgContext).Scopes
-    $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes
+    $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes -and "RoleManagement.ReadWrite.Directory" -notin $scopes
     if($permissionMissing){
         Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"
         return $null