TenantAtlas/specs/030-intune-rbac-backup/plan.md
ahmido 602195324b spec/024-additional-intune-types (#28)
specs for additional intune types

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #28
2026-01-04 02:27:44 +00:00

Plan: Intune RBAC Backup (Role Definitions + Assignments) (030)

Branch: feat/030-intune-rbac-backup
Date: 2026-01-04
Input: spec.md

Approach

  1. Confirm Graph API details for RBAC:
    • deviceManagement/roleDefinitions
    • deviceManagement/roleAssignments
    • required permissions, paging, and any known restrictions
  2. Decide modeling:
    • policy types (in Policy inventory) vs foundation types (backup-only)
  3. Add config/contract entries with restore mode set to preview-only.
  4. Implement snapshot capture with careful sanitization (no secrets, no tokens).
  5. Implement restore preview dependency checks:
    • groups referenced by assignments
    • scope tags / scope members
  6. Add targeted tests for inventory + backup + preview.

Decisions / Notes

  • Default to preview-only for execution due to high blast radius.
  • Prefer mapping by stable identifiers (roleDefinition roleKey/displayName) and treat any ambiguous match as a blocker.
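
A sketch of the restore-preview checks from step 5 and the mapping rule above, as an added example that is not TenantAtlas code. The snapshot/target dictionary shapes, the function name `preview_assignments`, the case-insensitive displayName match and all sample IDs are assumptions made for illustration.

```python
from collections import defaultdict

def preview_assignments(snapshot, target):
    """Return {assignment displayName: [blocking reasons]}; an empty list means no blockers."""
    # Index target role definitions by displayName so duplicates surface as ambiguity.
    # Case-insensitive comparison is an assumption; it errs toward blocking.
    by_name = defaultdict(list)
    for rd in target["roleDefinitions"]:
        by_name[rd["displayName"].strip().casefold()].append(rd["id"])
    src_names = {rd["id"]: rd["displayName"] for rd in snapshot["roleDefinitions"]}
    target_groups = set(target["groupIds"])

    report = {}
    for ra in snapshot["roleAssignments"]:
        reasons = []
        name = src_names.get(ra["roleDefinitionId"])
        if name is None:
            reasons.append("role definition missing from snapshot")
        else:
            matches = by_name.get(name.strip().casefold(), [])
            if not matches:
                reasons.append(f"role definition '{name}' not found in target")
            elif len(matches) > 1:
                reasons.append(f"role definition '{name}' is ambiguous ({len(matches)} matches)")
        # Groups referenced as members or scope members must exist in the target tenant.
        for field in ("members", "scopeMembers"):
            missing = sorted(set(ra.get(field, [])) - target_groups)
            if missing:
                reasons.append(f"{field} reference unknown groups: {', '.join(missing)}")
        report[ra["displayName"]] = reasons
    return report

# Constructed sample data (not from a real tenant).
SNAPSHOT = {
    "roleDefinitions": [{"id": "rd-1", "displayName": "Help Desk Operator"},
                        {"id": "rd-2", "displayName": "Custom Auditor"}],
    "roleAssignments": [
        {"displayName": "Helpdesk EMEA", "roleDefinitionId": "rd-1",
         "members": ["g-1"], "scopeMembers": ["g-2"]},
        {"displayName": "Helpdesk APAC", "roleDefinitionId": "rd-1",
         "members": ["g-1"], "scopeMembers": ["g-1"]},
        {"displayName": "Auditors", "roleDefinitionId": "rd-2",
         "members": ["g-3"], "scopeMembers": []},
    ],
}
TARGET = {
    "roleDefinitions": [{"id": "t-1", "displayName": "Help Desk Operator"},
                        {"id": "t-2", "displayName": "Custom Auditor"},
                        {"id": "t-3", "displayName": "custom auditor"}],
    "groupIds": ["g-1", "g-3"],
}
```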