App Permissions (Cloud)

Required permissions

For the App to work properly, it needs access to be able to access SharePoint content in the context of the current user. Therefore the app will request the following permissions:

Permission

Type

Description

Why do we need this?

Admin consent required

Permission

Type

Description

Why do we need this?

Admin consent required

Microsoft Graph

  • User.Read

Delegated

Allows users to sign-in to the app and allows to read the profile of signed-in users. It also allows to read basic company information of signed-in users.

Used exclusively for login purposes to login the user to Microsoft services.

No

  • Sites.ReadWrite.All

Delegated

Allows to edit or delete documents and list items in all site collections on behalf of the signed-in user.

Used for querying SharePoint sites, files and lists, as well as allowing operations like uploading files to SharePoint document libraries from Confluence.

No

Please also have a look at the official permission reference from Microsoft to get detailed information about the permission handling.

The SharePoint Connector for Confluence is a browser only app, therefore giving consent to the app will not allow it to perform operations on behalf of the app but only on behalf of the user currently logged in. Permissions are delegated therefore users will only be able to perform what they are allowed to. (same Permissions as SharePoint will be applied)

No data is stored or processed offline by any means by our app.

Optional permissions

Some advanced features require additional scopes to be consented in the context of the current user. These permissions are optional and can be granted while using the specific app feature that requires them.

Permission

Type

Description

What is this scope used for ?

Admin consent required

Permission

Type

Description

What is this scope used for ?

Admin consent required

Microsoft Graph

  • User.ReadBasic.All

Delegated

Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo.

When embedding SharePoint lists containing person or group columns, this scope is used to display the profile picture of the user(s) contained in the field.

No

  • Team.ReadBasic.All

Delegated

Read the names and descriptions of teams, on behalf of the signed-in user.

When embedding SharePoint lists containing person or group columns, this scope is used to display the profile picture of the group(s) contained in the field.

No

  • Presence.Read.All

Delegated

Allows the app to read presence information of all users in the directory on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.

When embedding SharePoint lists containing person or group columns, this scope is used to display presence information about the user(s) contained in the field.

No

Please also have a look at the official permission reference from Microsoft to get detailed information about the permission handling.

When you use the app for the first time or the required permissions of the app have changed, a dialog will show all delegated permissions that the app requires to work.

You have to grant these permissions in order to get the app working.

You are able to remove these permissions at any time!



Image 1: App consent dialog

If your current user is an administrator you will see the additional checkbox "Consent on behalf of your organization".

Checking this will consent to the app for every user that is part of your organization. In this case the individual users don't have to grant the permissions on their own.

If you want to remove the app permissions for your current user you can follow these steps:

  1. Navigate to https://myapps.microsoft.com using a browser of your choice

  2. Search for the app SharePoint Connector for Confluence

  3. Remove the app using the context menu

The full guide can be found on the official documentation from Microsoft: Edit or revoke application permissions in the My Apps portal


Page Content