======API and permissions======
<br />
'''SharePoint'''
======Microsoft Graph (155) Delegated permissions======
[[File:Sdfdhfh.png|none|thumb|1064x1064px]]
*Microsoft Graph (Application Permissions)
[[File:Sddsfhn.png|none|thumb|1055x1055px]]
'''Microsoft Graph (155)'''
{| class="wikitable"
! Permission !! Type !! Description
|-
|Agreement.Read.All
|Delegated
|Read all terms of use agreements
|-
|Agreement.ReadWrite.All
|Delegated
|Read and write all terms of use agreements
|-
|AgreementAcceptance.Read
|Delegated
|Read user terms of use acceptance statuses
|-
|AgreementAcceptance.Read.All
|Delegated
|Read terms of use acceptance statuses that user can access
|-
|Application.ReadWrite.OwnedBy
|Application
|Manage apps that this app creates or owns
|-
|AuditLog.Read.All
|Delegated
|Read audit log data
|-
|AuditLog.Read.All
|Application
|Read all audit log data
|-
|Bookings.Manage.All
|Delegated
|Manage bookings information
|-
|Bookings.Read.All
|Delegated
|Read bookings information
|-
|Bookings.ReadWrite.All
|Delegated
|Read and write bookings information
|-
|BookingsAppointment.ReadWrite.All
|Delegated
|Read and write booking appointments
|-
|Calendars.Read
|Delegated
|Read user calendars
|-
|Calendars.Read
|Application
|Read calendars in all mailboxes
|-
|Calendars.Read.Shared
|Delegated
|Read user and shared calendars
|-
|Calendars.ReadWrite
|Delegated
|Have full access to user calendars
|-
|Calendars.ReadWrite
|Application
|Read and write calendars in all mailboxes
|-
|Calendars.ReadWrite.Shared
|Delegated
|Read and write user and shared calendars
|-
|Calls.AccessMedia.All
|Application
|Access media streams in a call as an app
|-
|Calls.Initiate.All
|Application
|Initiate outgoing 1 to 1 calls from the app
|-
|Calls.InitiateGroupCall.All
|Application
|Initiate outgoing group calls from the app
|-
|Calls.JoinGroupCall.All
|Application
|Join group calls and meetings as an app
|-
|Calls.JoinGroupCallAsGuest.All
|Application
|Join group calls and meetings as a guest
|-
|Contacts.Read
|Delegated
|Read user contacts
|-
|Contacts.Read
|Application
|Read contacts in all mailboxes
|-
|Contacts.Read.Shared
|Delegated
|Read user and shared contacts
|-
|Contacts.ReadWrite
|Delegated
|Have full access to user contacts
|-
|Contacts.ReadWrite
|Application
|Read and write contacts in all mailboxes
|-
|Contacts.ReadWrite.Shared
|Delegated
|Read and write user and shared contacts
|-
|Device.Command
|Delegated
|Communicate with user devices
|-
|Device.Read
|Delegated
|Read user devices
|-
|Device.ReadWrite.All
|Application
|Read and write devices
|-
|DeviceManagementApps.Read.All
|Delegated
|Read Microsoft Intune apps
|-
|DeviceManagementApps.ReadWrite.All
|Delegated
|Read and write Microsoft Intune apps
|-
|DeviceManagementConfiguration.Read.All
|Delegated
|Read Microsoft Intune Device Configuration and Policies
|-
|DeviceManagementConfiguration.ReadWrite.All
|Delegated
|Read and write Microsoft Intune Device Configuration and Policies
|-
|DeviceManagementManagedDevices.PrivilegedOperations.All
|Delegated
|Perform user-impacting remote actions on Microsoft Intune devices
|-
|DeviceManagementManagedDevices.Read.All
|Delegated
|Read Microsoft Intune devices
|-
|DeviceManagementManagedDevices.ReadWrite.All
|Delegated
|Read and write Microsoft Intune devices
|-
|DeviceManagementRBAC.Read.All
|Delegated
|Read Microsoft Intune RBAC settings
|-
|DeviceManagementRBAC.ReadWrite.All
|Delegated
|Read and write Microsoft Intune RBAC settings
|-
|DeviceManagementServiceConfig.Read.All
|Delegated
|Read Microsoft Intune configuration
|-
|DeviceManagementServiceConfig.ReadWrite.All
|Delegated
|Read and write Microsoft Intune configuration
|-
|Directory.AccessAsUser.All
|Delegated
|Access directory as the signed in user
|-
|Directory.Read.All
|Delegated
|Read directory data
|-
|Directory.Read.All
|Application
|Read directory data
|-
|Directory.ReadWrite.All
|Delegated
|Read and write directory data
|-
|Directory.ReadWrite.All
|Application
|Read and write directory data
|-
|Domain.ReadWrite.All
|Application
|Read and write domains
|-
|EAS.AccessAsUser.All
|Delegated
|Access mailboxes via Exchange ActiveSync
|-
|EduAdministration.Read
|Delegated
|Read education app settings
|-
|EduAdministration.Read.All
|Application
|Read Education app settings
|-
|EduAdministration.ReadWrite
|Delegated
|Manage education app settings
|-
|EduAdministration.ReadWrite.All
|Application
|Manage education app settings
|-
|EduAssignments.Read
|Delegated
|Read users' class assignments and their grades
|-
|EduAssignments.Read.All
|Application
|Read class assignments with grades
|-
|EduAssignments.ReadBasic
|Delegated
|Read users' class assignments without grades
|-
|EduAssignments.ReadBasic.All
|Application
|Read class assignments without grades
|-
|EduAssignments.ReadWrite
|Delegated
|Read and write users' class assignments and their grades
|-
|EduAssignments.ReadWrite.All
|Application
|Read and write class assignments with grades
|-
|EduAssignments.ReadWriteBasic
|Delegated
|Read and write users' class assignments without grades
|-
|EduAssignments.ReadWriteBasic.All
|Application
|Read and write class assignments without grades
|-
|EduRoster.Read
|Delegated
|Read users' view of the roster
|-
|EduRoster.Read.All
|Application
|Read the organization's roster
|-
|EduRoster.ReadBasic
|Delegated
|Read a limited subset of users' view of the roster
|-
|EduRoster.ReadBasic.All
|Application
|Read a limited subset of the organization's roster
|-
|EduRoster.ReadWrite
|Delegated
|Read and write users' view of the roster
|-
|EduRoster.ReadWrite.All
|Application
|Read and write the organization's roster
|-
|email
|Delegated
|View users' email address
|-
|Files.Read
|Delegated
|Read user files
|-
|Files.Read.All
|Delegated
|Read all files that user can access
|-
|Files.Read.All
|Application
|Read files in all site collections
|-
|Files.Read.Selected
|Delegated
|Read files that the user selects (preview)
|-
|Files.ReadWrite
|Delegated
|Have full access to user files
|-
|Files.ReadWrite.All
|Delegated
|Have full access to all files user can access
|-
|Files.ReadWrite.All
|Application
|Read and write files in all site collections
|-
|Files.ReadWrite.AppFolder
|Delegated
|Have full access to the application's folder (preview)
|-
|Files.ReadWrite.Selected
|Delegated
|Read and write files that the user selects (preview)
|-
|Financials.ReadWrite.All
|Delegated
|Read and write financials data
|-
|Group.Read.All
|Delegated
|Read all groups
|-
|Group.Read.All
|Application
|Read all groups
|-
|Group.ReadWrite.All
|Delegated
|Read and write all groups
|-
|Group.ReadWrite.All
|Application
|Read and write all groups
|-
|IdentityProvider.Read.All
|Delegated
|Read identity providers
|-
|IdentityProvider.ReadWrite.All
|Delegated
|Read and write identity providers
|-
|IdentityRiskEvent.Read.All
|Delegated
|Read identity risk event information
|-
|IdentityRiskEvent.Read.All
|Application
|Read all identity risk event information
|-
|Mail.Read
|Delegated
|Read user mail
|-
|Mail.Read
|Application
|Read mail in all mailboxes
|-
|Mail.Read.Shared
|Delegated
|Read user and shared mail
|-
|Mail.ReadWrite
|Delegated
|Read and write access to user mail
|-
|Mail.ReadWrite
|Application
|Read and write mail in all mailboxes
|-
|Mail.ReadWrite.Shared
|Delegated
|Read and write user and shared mail
|-
|Mail.Send
|Delegated
|Send mail as a user
|-
|Mail.Send
|Application
|Send mail as any user
|-
|Mail.Send.Shared
|Delegated
|Send mail on behalf of others
|-
|MailboxSettings.Read
|Delegated
|Read user mailbox settings
|-
|MailboxSettings.Read
|Application
|Read all user mailbox settings
|-
|MailboxSettings.ReadWrite
|Delegated
|Read and write user mailbox settings
|-
|MailboxSettings.ReadWrite
|Application
|Read and write all user mailbox settings
|-
|Member.Read.Hidden
|Delegated
|Read hidden memberships
|-
|Member.Read.Hidden
|Application
|Read all hidden memberships
|-
|Notes.Create
|Delegated
|Create user OneNote notebooks
|-
|Notes.Read
|Delegated
|Read user OneNote notebooks
|-
|Notes.Read.All
|Delegated
|Read all OneNote notebooks that user can access
|-
|Notes.Read.All
|Application
|Read all OneNote notebooks
|-
|Notes.ReadWrite
|Delegated
|Read and write user OneNote notebooks
|-
|Notes.ReadWrite.All
|Delegated
|Read and write all OneNote notebooks that user can access
|-
|Notes.ReadWrite.All
|Application
|Read and write all OneNote notebooks
|-
|Notes.ReadWrite.CreatedByApp
|Delegated
|Limited notebook access (deprecated)
|-
|offline_access
|Delegated
|Maintain access to data you have given it access to
|-
|OnlineMeetings.Read.All
|Application
|Read online meeting details
|-
|OnlineMeetings.ReadWrite.All
|Application
|Read and create online meetings
|-
|openid
|Delegated
|Sign users in
|-
|People.Read
|Delegated
|Read users' relevant people lists
|-
|People.Read.All
|Delegated
|Read all users' relevant people lists
|-
|People.Read.All
|Application
|Read all users' relevant people lists
|-
|PrivilegedAccess.ReadWrite.AzureAD
|Delegated
|Read and write privileged access to Azure AD
|-
|PrivilegedAccess.ReadWrite.AzureResources
|Delegated
|Read and write privileged access to Azure resources
|-
|profile
|Delegated
|View users' basic profile
|-
|Reports.Read.All
|Delegated
|Read all usage reports
|-
|Reports.Read.All
|Application
|Read all usage reports
|-
|SecurityEvents.Read.All
|Delegated
|Read your organization’s security events
|-
|SecurityEvents.Read.All
|Application
|Read your organization’s security events
|-
|SecurityEvents.ReadWrite.All
|Delegated
|Read and update your organization’s security events
|-
|SecurityEvents.ReadWrite.All
|Application
|Read and update your organization’s security events
|-
|Sites.FullControl.All
|Delegated
|Have full control of all site collections
|-
|Sites.FullControl.All
|Application
|Have full control of all site collections
|-
|Sites.Manage.All
|Delegated
|Create, edit, and delete items and lists in all site collections
|-
|Sites.Manage.All
|Application
|Create, edit, and delete items and lists in all site collections
|-
|Sites.Read.All
|Delegated
|Read items in all site collections
|-
|Sites.Read.All
|Application
|Read items in all site collections
|-
|Sites.ReadWrite.All
|Delegated
|Edit or delete items in all site collections
|-
|Sites.ReadWrite.All
|Application
|Read and write items in all site collections
|-
|Subscription.Read.All
|Delegated
|Read all webhook subscriptions
|-
|Tasks.Read
|Delegated
|Read user's tasks and task lists
|-
|Tasks.Read.Shared
|Delegated
|Read user and shared tasks
|-
|Tasks.ReadWrite
|Delegated
|Create, read, update, and delete user’s tasks and task lists
|-
|Tasks.ReadWrite.Shared
|Delegated
|Read and write user and shared tasks
|-
|TeamsApp.ReadWrite.All
|Application
|Manage all users' Teams apps
|-
|TeamsAppInstallation.ReadWriteForTeam.All
|Application
|Manage Teams apps for all teams
|-
|TeamsAppInstallation.ReadWriteForUser.All
|Application
|Manage Teams apps for all users
|-
|TeamsAppInstallation.ReadWriteSelfForTeam.All
|Application
|Allow the Teams app to manage itself for all teams
|-
|TeamSettings.ReadWrite.All
|Application
|Read and change all teams' settings
|-
|TeamsTab.ReadWrite.All
|Application
|Read and write tabs in Microsoft Teams.
|-
|User.Invite.All
|Delegated
|Invite guest users to the organization
|-
|User.Invite.All
|Application
|Invite guest users to the organization
|-
|User.Read
|Delegated
|Sign in and read user profile
|-
|User.Read.All
|Delegated
|Read all users' full profiles
|-
|User.Read.All
|Application
|Read all users' full profiles
|-
|User.ReadBasic.All
|Delegated
|Read all users' basic profiles
|-
|User.ReadWrite
|Delegated
|Read and write access to user profile
|-
|User.ReadWrite.All
|Delegated
|Read and write all users' full profiles
|-
|User.ReadWrite.All
|Application
|Read and write all users' full profiles
|-
|UserActivity.ReadWrite.CreatedByApp
|Delegated
|Read and write app activity to users' activity feed
|-
|UserTimelineActivity.Write.CreatedByApp
|Delegated
|Write app activity to users' timeline
|}
'''OneNote (8)'''
{| class="wikitable"
! Permission !! Type !! Description
|-
|Notes.Create
|Delegated
|Create pages in OneNote notebooks
|-
|Notes.Read
|Delegated
|View OneNote notebooks
|-
|Notes.Read.All
|Application
|View notes for all users
|-
|Notes.Read.All
|Delegated
|View OneNote notebooks in your organization
|-
|Notes.ReadWrite
|Delegated
|View and modify OneNote notebooks
|-
|Notes.ReadWrite.All
|Application
|View and modify notes for all users
|-
|Notes.ReadWrite.All
|Delegated
|View and modify OneNote notebooks in your organization
|-
|Notes.ReadWrite.CreatedByApp
|Delegated
|Application-only OneNote notebook access
|}
'''SharePoint (19)'''
{| class="wikitable"
! Permission !! Type !! Description
|-
|AllSites.FullControl
|Delegated
|Have full control of all site collections
|-
|AllSites.Manage
|Delegated
|Read and write items and lists in all site collections
|-
|AllSites.Read
|Delegated
|Read items in all site collections
|-
|AllSites.Write
|Delegated
|Read and write items in all site collections
|-
|MyFiles.Read
|Delegated
|Read user files
|-
|MyFiles.Write
|Delegated
|Read and write user files
|-
|Sites.FullControl.All
|Application
|Have full control of all site collections
|-
|Sites.Manage.All
|Application
|Read and write items and lists in all site collections
|-
|Sites.Read.All
|Application
|Read items in all site collections
|-
|-
|Sites.ReadWrite.All
|Application
|Read and write items in all site collections
|-
|Sites.Search.All
|Delegated
|Run search queries as a user
|-
|-
|TermStore.Read.All
|Application
|Read managed metadata
|-
|TermStore.Read.All
|Delegated
|Read managed metadata
|-
|TermStore.ReadWrite.All
|Application
|Read and write managed metadata
|-
|TermStore.ReadWrite.All
|Delegated
|Read and write managed metadata
|-
|User.Read.All
|Application
|Read user profiles
|-
|User.Read.All
|Delegated
|Read user profiles
|-
|-
|User.ReadWrite.All
|Application
|Read and write user profiles
|-
|User.ReadWrite.All
|Delegated
|Read and write user profiles
|}
MS Graph permissions are a UMS backend requirement from version 8.5.203, which was released in June 2021.
MS Graph permissions are required by these UMS modules: LiveAtEdu, OneNote, SharePoint and MS Teams.
======Creating an App Registration======
#Go to the Azure Portal and log in with your admin account (the same one UMS uses).
#:!!! ATTENTION !!! Use the service account that UMS uses.
#When logged in, go to Azure Active Directory.
#Go to App registrations.
#Click New application registration.
#Give the new app a name, e.g. "UMSGraph", choose "Web app / API" as Application type and set "Sign-on URL" to "http://localhost". After setting the Application Permission values, click "Create".
#You will return to the previous screen; here click your new app.
#Click "Certificates & secrets".
#Click "New Client Secret".
#Enter a "Description" and set "Expires" to the interval that suits your needs.
#Click "Add".
#Copy the secret "Value". We will use this later.
#:!!! ATTENTION !!! The key value will never be visible again, so make sure to copy it.
#Copy the "Value" (the key) into the "UMS Configurator" field Client Secret.
#Copy the "Directory (tenant) ID" into the "UMS Configurator" field Tenant ID.
#Copy the "Application (client) ID" into the "UMS Configurator" field Client ID.
#Click "API permissions".
#Click "Add a permission".
'''API and permissions (SharePoint)'''
{| class="wikitable"
! Permission !! Type !! Description
|-
|Sites.FullControl.All
|Application
|Have full control of all site collections
|-
|Sites.Manage.All
|Application
|Read and write items and lists in all site collections
|-
|Sites.ReadWrite.All
|Application
|Read and write items in all site collections
|-
|TermStore.Read.All
|Application
|Read managed metadata
|-
|User.ReadWrite.All
|Application
|Read and write user profiles
|}
======Set up UMS to use the application just created======
#In the UMS Configurator go to Modules->Office 365 and click "SharePoint organization settings".
#Choose your SharePoint organization setting and click "Edit...".
#Input your "Tenant Name", e.g. "cortenso.onmicrosoft.com", paste the previously copied Application ID into the "Client ID" field, paste the previously copied key into "Client secret" and click "Ok".
[[File:UMSConfiguratorSharepointOrganizationSettingsEditWindow.png|none|thumb]]
You are now all set to use the new MS Graph integration.
======Permissions overview======
'''Default permissions'''
{| class="wikitable"
! Permission name !! Permission type !! API !! Used for !! Used by
|-
|User.ReadWrite.All
|Application
|Microsoft Graph
|Setting attributes on the user in Office 365
|Live_at_edu.exe
|-
|Group.ReadWrite.All
|Application
|Microsoft Graph
|Setting group attributes on Office 365 groups
|Live_at_edu.exe
|-
|GroupMember.ReadWrite.All
|Application
|Microsoft Graph
|Manage GroupMembers in Office 365
|Live_at_edu.exe
|-
|Directory.ReadWrite.All
|Application
|Microsoft Graph
|Setting attributes on the user in Azure Active Directory
|Live_at_edu.exe
|-
|MailboxSettings.ReadWrite
|Application
|Microsoft Graph
|Used to set mailbox settings in Office 365.<br />Used to get/create categories
|Live_at_edu.exe<br />Skemabrikker.exe
|-
|Calendars.ReadWrite
|Application
|Microsoft Graph
|Used to allow UMS to sync calendar events to Office 365
|Skemabrikker.exe
|-
|Files.ReadWrite.All
|Application
|Microsoft Graph
|Used to provision OneDrive for users
|Live_at_edu.exe
|}
'''Teams sync permissions'''
{| class="wikitable"
! Permission name !! Permission type !! API !! Used for !! Used by
|-
|EduRoster.ReadWrite.All
|Application
|Microsoft Graph
|Allows the UMS to handle users on roster
|Live_at_edu.exe
|-
|Member.Read.Hidden
|Application
|Microsoft Graph
|Allows the UMS to handle users on roster
|Live_at_edu.exe
|-
|TeamMember.ReadWrite.All
|Application
|Microsoft Graph
|Used to add or remove users from Team
|Live_at_edu.exe
|-
|TeamsTab.ReadWrite.All
|Application
|Microsoft Graph
|Used to create tabs in teams
|Live_at_edu.exe
|-
|TeamsAppInstallation.ReadForTeam.All
|Application
|Microsoft Graph
|Used to install app in teams
|Live_at_edu.exe
|-
|Team.Create
|Application
|Microsoft Graph
|Used to create Teams
|Live_at_edu.exe
|-
|Team.ReadBasic.All
|Application
|Microsoft Graph
|Used to read teams
|Live_at_edu.exe
|}
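As an added example (not UMS code and not from this page), the following Python script turns the two overview tables above into a least-privilege check: it decodes the roles claim of an app-only access token issued to the app registration and reports Microsoft Graph application permissions that are missing for the enabled modules or granted beyond them. It covers only the Graph permissions in the tables; the SharePoint API permissions above belong to a different resource and appear in a different token. The token in the block is constructed and unsigned, and the names make_sample_token, audit and teams_sync_enabled are my own.

```python
"""Least-privilege check for the UMS app registration described on this page.

Given which UMS modules are in use, compute the Graph application permissions
the page's "Permissions overview" tables require, decode the `roles` claim of
an app-only access token issued to the app registration, and report what is
missing (the integration will fail) or granted beyond need (should be removed).
"""
import base64
import json

# Application permissions per module, taken from the page's overview tables.
DEFAULT_PERMISSIONS = {
    "User.ReadWrite.All", "Group.ReadWrite.All", "GroupMember.ReadWrite.All",
    "Directory.ReadWrite.All", "MailboxSettings.ReadWrite",
    "Calendars.ReadWrite", "Files.ReadWrite.All",
}
TEAMS_SYNC_PERMISSIONS = {
    "EduRoster.ReadWrite.All", "Member.Read.Hidden", "TeamMember.ReadWrite.All",
    "TeamsTab.ReadWrite.All", "TeamsAppInstallation.ReadForTeam.All",
    "Team.Create", "Team.ReadBasic.All",
}

def required_permissions(teams_sync_enabled: bool) -> set:
    """Permissions UMS needs for the enabled modules (assumed module flag)."""
    needed = set(DEFAULT_PERMISSIONS)
    if teams_sync_enabled:
        needed |= TEAMS_SYNC_PERMISSIONS
    return needed

def granted_roles(access_token: str) -> set:
    """Return the `roles` claim of a JWT; app-only Graph tokens carry the
    granted application permissions there. The signature is NOT verified:
    this only inspects a token the admin already holds."""
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    payload = json.loads(base64.urlsafe_b64decode(payload_b64))
    return set(payload.get("roles", []))

def audit(access_token: str, teams_sync_enabled: bool) -> dict:
    """Compare granted against required application permissions."""
    needed = required_permissions(teams_sync_enabled)
    granted = granted_roles(access_token)
    return {"missing": sorted(needed - granted), "excess": sorted(granted - needed)}

def make_sample_token(roles: list) -> str:
    """Constructed, unsigned sample token for offline demonstration only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "none", "typ": "JWT"})
    payload = enc({"aud": "https://graph.microsoft.com", "roles": roles})
    return f"{header}.{payload}."

if __name__ == "__main__":
    token = make_sample_token(["User.ReadWrite.All", "Mail.ReadWrite"])
    print(audit(token, teams_sync_enabled=False))
```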