The tables below lists permissions used by the sapio365 application:
-
Ytria sapio365 - with Admin Consent (3.4)
-
Ytria sapio365 incl. Keyvault - with Admin Consent (3.4) (this application is used when the Key Vault feature has been enabled)
|
Microsoft Graph Permission |
Description |
ID |
|
|---|---|---|---|
|
1 |
Application.ReadWrite.All |
Read and write all applications |
bdfbf15f-ee85-4955-8675-146e8e5296b5 |
|
2 |
AuditLog.Read.All |
Read audit log data |
e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20 |
|
3 |
Calendars.ReadWrite.Shared |
Read and write user and shared calendars |
12466101-c9b8-439a-8589-dd09ee67e8e9 |
|
4 |
Channel.Create |
Create channels |
101147cf-4178-4455-9d58-02b5c164e759 |
|
5 |
Channel.Delete.All |
Delete channels |
cc83893a-e232-4723-b5af-bd0b01bcfe65 |
|
6 |
ChannelMember.ReadWrite.All |
Add and remove members from channels |
0c3e411a-ce45-4cd1-8f30-f99a3efa7b11 |
|
7 |
ChannelMessage.Read.All |
Read user channel messages |
767156cb-16ae-4d10-8f8b-41b657c8c8c8 |
|
8 |
ChannelSettings.ReadWrite.All |
Read and write the names, descriptions, and settings of channels |
d649fb7c-72b4-4eec-b2b4-b15acf79e378 |
|
9 |
Chat.ReadWrite |
Read and write user chat messages |
9ff7295e-131b-4d94-90e1-69fde507ac11 |
|
10 |
ChatMessage.Read |
Read user chat messages |
cdcdac3a-fd45-410d-83ef-554db620e5c7 |
|
11 |
Community.ReadWrite.All1 |
Read and write all Viva Engage communities |
9e69467d-e0e2-402b-a926-3d796990197f |
|
12 |
Contacts.ReadWrite.Shared |
Read and write user and shared contacts |
afb6c84b-06be-49af-80bb-8f3f77004eab |
|
13 |
CrossTenantInformation.ReadBasic.All |
Read cross-tenant basic information |
81594d25-e88e-49cf-ac8c-fecbff49f994 |
|
14 |
DelegatedAdminRelationship.Read.All1 |
Read Delegated Admin relationships with customers |
0c0064ea-477b-4130-82a5-4c2cc4ff68aa |
|
15 |
Device.Read.All |
Read all devices |
951183d1-1a61-466f-a6d1-1fde911bfd95 |
|
16 |
Directory.AccessAsUser.All |
Access directory as the signed in user |
0e263e50-5827-48a4-b97c-d940288653c7 |
|
17 |
Directory.ReadWrite.All |
Read and write directory data |
c5366453-9fb0-48a5-a156-24f0c49a4b84 |
|
18 |
ExchangeMessageTrace.Read.All1 |
Search the email message trace |
b2e7d27e-14e7-41ad-bb15-a88ceb9c3e90 |
|
19 |
Files.ReadWrite.All |
Have full access to all files user can access |
863451e7-0667-486c-a5d6-d135439485f0 |
|
20 |
Group.ReadWrite.All |
Read and write all groups |
4e46008b-f24c-477d-8fff-7bb4ec7aafe0 |
|
21 |
GroupMember.ReadWrite.All |
Read and write group memberships |
f81125ac-d3b7-4573-a3b2-7099cc39df9e |
|
22 |
InformationProtectionPolicy.Read1 |
Read user sensitivity labels and label policies. |
4ad84827-5578-4e18-ad7a-86530b12f884 |
|
23 |
Mail.ReadWrite.Shared |
Read and write user and shared mail |
5df07973-7d5d-46ed-9847-1271055cbd51 |
|
24 |
Mail.Send |
Send mail as a user |
e383f46e-2787-4529-855e-0e479a3ffac0 |
|
25 |
Mail.Send.Shared |
Send mail on behalf of others |
a367ab51-6b49-43bf-a716-a1fb06d2a174 |
|
26 |
MailboxSettings.ReadWrite |
Read and write user mailbox settings |
818c620a-27a9-40bd-a6a5-d96f7d610b4b |
|
27 |
Member.Read.Hidden |
Read hidden memberships |
f6a3db3e-f7e8-4ed2-a414-557c8c9830be |
|
28 |
offline_access |
Maintain access to data you have given it access to |
7427e0e9-2fba-42fe-b0c0-848c9e6a8182 |
|
29 |
openid |
Sign users in |
37f7f235-527c-4136-accd-4a02d197296e |
|
30 |
OrgContact.Read.All |
Read organizational contacts |
08432d1b-5911-483c-86df-7980af5cdee0 |
|
31 |
Policy.Read.All |
Read your organization's policies |
572fea84-0151-49b2-9301-11cb16974376 |
|
32 |
Policy.ReadWrite.AuthenticationMethod |
Read and write authentication method policies |
7e823077-d88e-468f-a337-e18f1f0e6c7c |
|
33 |
PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |
Read, create, and delete assignment schedules for access to Azure AD groups |
06dbc45d-6708-4ef0-a797-f797ee68bf4b |
|
34 |
PrivilegedEligibilitySchedule.Read.AzureADGroup |
Read eligibility schedules for access to Azure AD groups |
8f44f93d-ecef-46ae-a9bf-338508d44d6b |
|
35 |
Reports.Read.All |
Read all usage reports |
02e97553-ed7b-43d0-ab3c-f8bace0d040c |
|
36 |
ReportSettings.ReadWrite.All |
Read and write admin report settings |
b955410e-7715-4a88-a940-dfd551018df3 |
|
37 |
RoleAssignmentSchedule.ReadWrite.Directory |
Read, update, and delete all active role assignments for your company's directory |
8c026be3-8e26-4774-9372-8d5d6f21daff |
|
38 |
RoleEligibilitySchedule.Read.Directory |
Read all eligible role assignments for your company's directory |
eb0788c2-6d4e-4658-8c9e-c0fb8053f03d |
|
39 |
RoleManagement.ReadWrite.Directory |
Read and write directory RBAC settings |
d01b97e9-cbc0-49fe-810a-750afd5527a3 |
|
40 |
Sites.FullControl.All |
Have full control of all site collections |
5a54b8b3-347c-476d-8f8e-42d5c7424d29 |
|
41 |
Tasks.ReadWrite.Shared |
Read and write user and shared tasks |
c5ddf11b-c114-4886-8558-8a4e557cd52b |
|
42 |
Team.Create |
Create teams |
7825d5d6-6049-4ce7-bdf6-3b8d53f4bcd0 |
|
43 |
TeamSettings.ReadWrite.All |
Read and change teams’ settings |
39d65650-9d3e-4223-80db-a335590d027e |
|
44 |
User-LifeCycleInfo.ReadWrite.All |
Read and write all users’ lifecycle information |
7ee7473e-bd4b-4c9f-987c-bd58481f5fa2 |
|
45 |
UserAuthenticationMethod.ReadWrite.All |
Read and write all users' authentication methods |
b7887744-6746-4312-813d-72daeaee7e2d |
|
46 |
User.Read |
Sign in and read user profile |
e1fe6dd8-ba31-4d61-89e7-88639da4683d |
|
47 |
User.ReadWrite.All |
Read and write all users’ full profiles |
204e0828-b5ca-4ad8-b9f3-f32a958e7cc4 |
|
Azure Service Management Permission |
Description |
ID |
|---|---|---|
|
user_impersonation |
Access Azure Resource Manager as organization users |
41094075-9dad-400e-a0bd-54e686782033 |
|
Azure Key Vault Permission2 |
Description |
ID |
|---|---|---|
|
user_impersonation |
Have full access to the Azure Key Vault service |
f53da476-18e3-4152-8e01-aec403e6edc0 |
1 Microsoft Graph Permissions ExchangeMessageTrace.Read.All, Community.ReadWrite.All, DelegatedAdminRelationship.Read.All and InformationProtectionPolicy.Read are not available for National Cloud Deployments.
2 Azure Key Vault Permission user_impersonation is only used by the Ytria sapio365 incl. Keyvault - with Admin Consent (3.3) application.