Calendar Plus by Bamboo Solutions uses API Permissions to function fully in a SharePoint tenant. Below is a chart identifying all the permissions that are requested and their purposes.
| Sr. | Scope | Findings | Reason |
|---|---|---|---|
| When using User Calendars | | | |
| 1. | Calendars.Read | Required | Needed when reading from Calendars. |
| 2. | Calendars.ReadWrite | Optional | Needed when reading and writing from Calendars. |
| 3. | User.Read.All | Required | Needed to get user details. |
| When using Shared Calendars | | | |
| 4. | Calendars.Read.Shared | Required | Needed when reading from Shared Calendars. Note: Granting this permission allows reading from the user calendar. |
| 5. | Calendars.ReadWrite.Shared | Optional | Needed when reading and writing from Shared Calendars. Note: Granting this permission allows writing to the user calendar. |
| When using Group Calendars | | | |
| 6. | Group.Read.All | Required | Needed when reading from Group Calendars. |
| 7. | Group.ReadWrite.All | Optional | Needed when reading and writing from Shared Calendars. |
| Not Required (Removed from Product) | | | |
| 8. | GroupMember.Read.All | Not Required | Not required because we are not using this. |
| 9. | User.ReadBasic.All | Not Required | Not required because User.Read.All covers this. |
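A tenant administrator can check what was actually consented against the chart above. The following is an added example, not Bamboo Solutions' code: it assumes the permissions are delegated and that the grant has been exported in the shape of a Microsoft Graph `oauth2PermissionGrant` (space-separated `scope` string). The function names, feature labels and sample grant are constructed for illustration.

```python
import json

# Scope table transcribed from the chart above: feature -> (required, optional-for-write).
FEATURE_SCOPES = {
    "user":   ({"Calendars.Read", "User.Read.All"}, {"Calendars.ReadWrite"}),
    "shared": ({"Calendars.Read.Shared"}, {"Calendars.ReadWrite.Shared"}),
    "group":  ({"Group.Read.All"}, {"Group.ReadWrite.All"}),
}
# Listed in the chart as not required / removed from the product.
REMOVED = {"GroupMember.Read.All", "User.ReadBasic.All"}


def expected_scopes(features, write_features=()):
    """Least-privilege scope set per the chart; write_features enables the optional scope."""
    expected = set()
    for name in features:
        required, optional = FEATURE_SCOPES[name]
        expected |= required
        if name in write_features:
            expected |= optional
    return expected


def audit_grant(grant, features, write_features=()):
    """Compare a grant's space-separated scope string with the expected set."""
    granted = set(grant.get("scope", "").split())
    expected = expected_scopes(features, write_features)
    return {
        "missing": sorted(expected - granted),
        "removed_but_granted": sorted(granted & REMOVED),
        "excess": sorted(granted - expected - REMOVED),
    }


# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrant
# (the clientId is a placeholder, not a real value).
SAMPLE_GRANT = json.loads("""{
  "clientId": "00000000-0000-0000-0000-000000000001",
  "consentType": "AllPrincipals",
  "scope": "Calendars.Read Calendars.ReadWrite User.Read.All Group.Read.All Group.ReadWrite.All User.ReadBasic.All"
}""")

if __name__ == "__main__":
    # Tenant uses user and group calendars, read-only.
    print(json.dumps(audit_grant(SAMPLE_GRANT, ["user", "group"]), indent=2))
```

Scopes reported under `excess` or `removed_but_granted` are candidates for revoking consent when the corresponding calendar type or write-back is not in use.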
- Calendars.Read:
  - Scope: Allows the app to read all calendars and events in the signed-in user's calendar.
  - Details: This permission provides read-only access to the full details of the user's calendar events, including attendees, body content, and sensitivity.
  - Use Case: Ideal for applications that need to show detailed calendar information but do not require the ability to modify or create events.
- Calendars.ReadWrite:
  - Scope: Allows the app to read, create, update, and delete events in the signed-in user's calendar.
  - Details: This permission grants full access to manage the user's calendar events, including creating new events, updating existing ones, and deleting events.
  - Use Case: Necessary for applications that need to provide calendar management features, allowing users to fully interact with their calendar data.
_________________________________________________________________________
- Calendars.Read.Shared:
  - This permission allows the app to read events in all calendars that are shared with the signed-in user.
  - It provides read-only access to shared calendars, meaning the app can view the events but cannot modify them.
- Calendars.ReadWrite.Shared:
  - This permission allows the app to read and write events in all calendars that are shared with the signed-in user.
  - It provides both read and write access to shared calendars, meaning the app can view, create, update, and delete events in the shared calendars.
_________________________________________________________________________
- User.Read.All:
  - Scope: Grants permission to read the full set of user profile properties for all users in the organization.
  - Access Level: This is a broader permission that allows access to more detailed information about users.
  - Typical Use Case: This permission is generally used when an application needs to access detailed user information, such as full names, job titles, email addresses, and other profile details.
- User.ReadBasic.All:
  - Scope: Grants permission to read a basic set of user profile properties for all users in the organization. This includes properties such as userPrincipalName, displayName, and mail.
  - Access Level: This is a more restrictive permission that limits access to only a subset of user properties.
  - Typical Use Case: This permission is typically used when an application needs to access only basic user information, such as for a directory or contact list, without exposing detailed personal information.
_________________________________________________________________________
- Group.Read.All:
  - Read-Only Access: This permission grants the ability to read all groups and their properties, such as membership, settings, and other group details.
  - Scope: Can read basic and detailed properties of all groups, including their membership and group settings.
  - Use Cases: Suitable for applications that need to display or list groups and their details without modifying them. For example, an app that shows a list of groups a user belongs to or displays group properties.
- Group.ReadWrite.All:
  - Read and Write Access: This permission grants the ability to read and write all groups and their properties.
  - Scope: Can create, update, and delete groups, as well as modify group memberships and settings.
  - Use Cases: Suitable for applications that need to manage groups actively. This includes creating new groups, updating group properties, changing memberships, or deleting groups. For example, an admin dashboard for managing organizational groups or a workflow that involves modifying group memberships dynamically.
References:
- https://graphpermissions.merill.net/permission/
- ChatGPT
- Self-Testing