Hi, I have been looking at the dbt OAuth scope requirements. The scope access delegated to dbt seems really wide spanning across the iDP. In the Microsoft Graph scenario, the delegated access Directory.AccessAsUser.All and Directory.Read.All seems unnecessary and distracts from the concept of zero trust. Knowing a user’s groups and some unique identifiers should be sufficient.
Is there a reduced scope that can be used instead. If not, would that be on the roadmap.