Permissions used by a User session
The tables below list the permissions used by the sapio365 application:
Ytria sapio365 - with Admin Consent (3.2)
Ytria sapio365 incl. Keyvault - with Admin Consent (3.2) (this application is used when the Key Vault feature has been enabled)
Microsoft Graph Permission | Description | ID |
---|---|---|
Application.ReadWrite.All | Read and write all applications | bdfbf15f-ee85-4955-8675-146e8e5296b5 |
AuditLog.Read.All | Read audit log data | e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20 |
Calendars.ReadWrite.Shared | Read and write user and shared calendars | 12466101-c9b8-439a-8589-dd09ee67e8e9 |
Channel.Create | Create channels | 101147cf-4178-4455-9d58-02b5c164e759 |
Channel.Delete.All | Delete channels | cc83893a-e232-4723-b5af-bd0b01bcfe65 |
ChannelMember.ReadWrite.All | Add and remove members from channels | 0c3e411a-ce45-4cd1-8f30-f99a3efa7b11 |
ChannelMessage.Read.All | Read user channel messages | 767156cb-16ae-4d10-8f8b-41b657c8c8c8 |
ChannelSettings.ReadWrite.All | Read and write the names, descriptions, and settings of channels | d649fb7c-72b4-4eec-b2b4-b15acf79e378 |
Chat.ReadWrite | Read and write user chat messages | 9ff7295e-131b-4d94-90e1-69fde507ac11 |
ChatMessage.Read | Read user chat messages | cdcdac3a-fd45-410d-83ef-554db620e5c7 |
Contacts.ReadWrite.Shared | Read and write user and shared contacts | afb6c84b-06be-49af-80bb-8f3f77004eab |
CrossTenantInformation.ReadBasic.All | Read cross-tenant basic information | 81594d25-e88e-49cf-ac8c-fecbff49f994 |
DelegatedAdminRelationship.Read.All ¹ | Read Delegated Admin relationships with customers | 0c0064ea-477b-4130-82a5-4c2cc4ff68aa |
Device.Read.All | Read all devices | 951183d1-1a61-466f-a6d1-1fde911bfd95 |
Directory.AccessAsUser.All | Access directory as the signed in user | 0e263e50-5827-48a4-b97c-d940288653c7 |
Directory.ReadWrite.All | Read and write directory data | c5366453-9fb0-48a5-a156-24f0c49a4b84 |
Files.ReadWrite.All | Have full access to all files user can access | 863451e7-0667-486c-a5d6-d135439485f0 |
Group.ReadWrite.All | Read and write all groups | 4e46008b-f24c-477d-8fff-7bb4ec7aafe0 |
GroupMember.ReadWrite.All | Read and write group memberships | f81125ac-d3b7-4573-a3b2-7099cc39df9e |
InformationProtectionPolicy.Read ¹ | Read user sensitivity labels and label policies. | 4ad84827-5578-4e18-ad7a-86530b12f884 |
Mail.ReadWrite.Shared | Read and write user and shared mail | 5df07973-7d5d-46ed-9847-1271055cbd51 |
Mail.Send | Send mail as a user | e383f46e-2787-4529-855e-0e479a3ffac0 |
Mail.Send.Shared | Send mail on behalf of others | a367ab51-6b49-43bf-a716-a1fb06d2a174 |
MailboxSettings.ReadWrite | Read and write user mailbox settings | 818c620a-27a9-40bd-a6a5-d96f7d610b4b |
Member.Read.Hidden | Read hidden memberships | f6a3db3e-f7e8-4ed2-a414-557c8c9830be |
offline_access | Maintain access to data you have given it access to | 7427e0e9-2fba-42fe-b0c0-848c9e6a8182 |
openid | Sign users in | 37f7f235-527c-4136-accd-4a02d197296e |
OrgContact.Read.All | Read organizational contacts | 08432d1b-5911-483c-86df-7980af5cdee0 |
Policy.Read.All | Read your organization's policies | 572fea84-0151-49b2-9301-11cb16974376 |
Policy.ReadWrite.AuthenticationMethod | Read and write authentication method policies | 7e823077-d88e-468f-a337-e18f1f0e6c7c |
Reports.Read.All | Read all usage reports | 02e97553-ed7b-43d0-ab3c-f8bace0d040c |
ReportSettings.ReadWrite.All | Read and write admin report settings | b955410e-7715-4a88-a940-dfd551018df3 |
RoleManagement.ReadWrite.Directory | Read and write directory RBAC settings | d01b97e9-cbc0-49fe-810a-750afd5527a3 |
Sites.FullControl.All | Have full control of all site collections | 5a54b8b3-347c-476d-8f8e-42d5c7424d29 |
Tasks.ReadWrite.Shared | Read and write user and shared tasks | c5ddf11b-c114-4886-8558-8a4e557cd52b |
Team.Create | Create teams | 7825d5d6-6049-4ce7-bdf6-3b8d53f4bcd0 |
TeamSettings.ReadWrite.All | Read and change teams’ settings | 39d65650-9d3e-4223-80db-a335590d027e |
User-LifeCycleInfo.ReadWrite.All | Read and write all users’ lifecycle information | 7ee7473e-bd4b-4c9f-987c-bd58481f5fa2 |
User.Read | Sign in and read user profile | e1fe6dd8-ba31-4d61-89e7-88639da4683d |
User.ReadWrite.All | Read and write all users’ full profiles | 204e0828-b5ca-4ad8-b9f3-f32a958e7cc4 |

Azure Service Management Permission | Description | ID |
---|---|---|
user_impersonation | Access Azure Resource Manager as organization users | 41094075-9dad-400e-a0bd-54e686782033 |

Azure Key Vault Permission ² | Description | ID |
---|---|---|
user_impersonation | Have full access to the Azure Key Vault service | f53da476-18e3-4152-8e01-aec403e6edc0 |

¹ The Microsoft Graph permissions “DelegatedAdminRelationship.Read.All” and “InformationProtectionPolicy.Read” are not available for National Cloud Deployments.

² The Azure Key Vault permission “user_impersonation” is only used by the Ytria sapio365 incl. Keyvault - with Admin Consent (3.2) application.