Granularity for delegation of Azure app permissions
We need more granularity for the delegation of Azure app permissions to developers and administrators.
Administrators and developers require that an app must be restricted to a specific group of users or objects. For a group in a single tenant, there is no granular authorization for groups of users or objects (such as SharePoint Online sites, teams and other resources).
Developers can do this by using popular authorization patterns, such as Azure's role-based access control (Azure RBAC). However, this approach involves a considerable amount of work for developers.
We would like a delegation of authorizations in a single tenant to groups of users and resources.
Example: Restrict the App Permission to access only SharePoint sites with a filter prefix like /sites/Contoso1_ or other attributes.
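An app-side version of the prefix restriction from the example above, added here as an illustration and not part of the original post or of any Azure API. The tenant host `contoso.sharepoint.com`, the function names and the case-insensitive matching are assumptions; the point is that a raw string-prefix test is not enough, so the URL is decoded and normalized before the site name is compared.

```python
from urllib.parse import urlsplit, unquote
import posixpath

ALLOWED_HOST = "contoso.sharepoint.com"   # assumed tenant host (constructed)
ALLOWED_PREFIX = "/sites/Contoso1_"       # filter prefix from the post's example


def site_allowed(url, host=ALLOWED_HOST, prefix=ALLOWED_PREFIX):
    """Return True only if url addresses a site whose name starts with the prefix."""
    parts = urlsplit(url)
    # Pin scheme and exact host; hostname ignores any userinfo before '@'.
    if parts.scheme != "https" or (parts.hostname or "").lower() != host:
        return False
    path = unquote(parts.path)
    # Fail closed on double encoding, backslashes and NUL bytes.
    if "%" in path or "\\" in path or "\x00" in path:
        return False
    # Collapse "." and ".." so the check sees the path the server would resolve.
    segs = posixpath.normpath(path).split("/")
    _, collection, name_prefix = prefix.lower().split("/")
    if len(segs) < 3 or segs[0] != "" or segs[1].lower() != collection:
        return False
    # Compare the site-name segment only, never the whole URL string.
    return segs[2].lower().startswith(name_prefix)


def filter_sites(urls):
    """Keep only the URLs the app is allowed to touch."""
    return [u for u in urls if site_allowed(u)]


# Constructed sample input.
SAMPLE = [
    "https://contoso.sharepoint.com/sites/Contoso1_HR/Shared%20Documents",
    "https://contoso.sharepoint.com/sites/Contoso1_HR/../Finance",
    "https://contoso.sharepoint.com/sites/Contoso1_HR/%2e%2e/Finance",
    "https://contoso.sharepoint.com/sites/Contoso10_Sales",
    "https://contoso.sharepoint.com.other.example/sites/Contoso1_HR",
]

if __name__ == "__main__":
    for u in SAMPLE:
        print("ALLOW" if site_allowed(u) else "DENY ", u)
```

A check like this has to run in every code path that uses the app's tenant-wide permission, which is the developer effort the post refers to.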