HelloID

In the grant permission script, you get $permissionReference (PowerShell v1) or $actionContext.References.Permission (PowerShell v2), whose Reference property specifies the standard permission currently being granted. In the if not $dryRun block, write conditional logic to check this value and make the necessary API calls into the target system. For example, add the target account to a certain group. Your script must handle all standard permissions defined in the current permission set.

By default, the update permission script is disabled (empty). In almost all cases, if your permissions require update actions, you should be using sub-permissions in a single permission script instead. See Permission actions.

In the revoke permission script, you get the same $permissionReference (PowerShell v1) or $actionContext.References.Permission (PowerShell v2) as in the grant permission script. In the if not $dryRun block, check the active standard permission and reverse its grant. For example, remove the group membership from the target account.