App Permissions (Cloud)
- Thomas Dedek
- Matej Dubovský
- Ferdinando Apuzzo
Required permissions
For the App to work properly, it needs access to be able to access SharePoint content in the context of the current user. Therefore the app will request the following permissions:
Permission | Type | Description | Why do we need this? | Admin consent required |
|---|---|---|---|---|
Microsoft Graph | ||||
| Delegated | Allows users to sign-in to the app and allows to read the profile of signed-in users. It also allows to read basic company information of signed-in users. | Used exclusively for login purposes to login the user to Microsoft services. | No |
| Delegated | Allows to edit or delete documents and list items in all site collections on behalf of the signed-in user. | Used for querying SharePoint sites, files and lists, as well as allowing operations like uploading files to SharePoint document libraries from Confluence. | No |
Please also have a look at the official permission reference from Microsoft to get detailed information about the permission handling.
The SharePoint Connector for Confluence is a browser only app, therefore giving consent to the app will not allow it to perform operations on behalf of the app but only on behalf of the user currently logged in. Permissions are delegated therefore users will only be able to perform what they are allowed to. (same Permissions as SharePoint will be applied)
No data is stored or processed offline by any means by our app.
Optional permissions
Some advanced features require additional scopes to be consented in the context of the current user. These permissions are optional and can be granted while using the specific app feature that requires them.
Permission | Type | Description | What is this scope used for ? | Admin consent required |
|---|---|---|---|---|
Microsoft Graph | ||||
| Delegated | Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo. | When embedding SharePoint lists containing person or group columns, this scope is used to display the profile picture of the user(s) contained in the field. | No |
| Delegated | Read the names and descriptions of teams, on behalf of the signed-in user. | When embedding SharePoint lists containing person or group columns, this scope is used to display the profile picture of the group(s) contained in the field. | No |
| Delegated | Allows the app to read presence information of all users in the directory on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. | When embedding SharePoint lists containing person or group columns, this scope is used to display presence information about the user(s) contained in the field. | No |
Please also have a look at the official permission reference from Microsoft to get detailed information about the permission handling.
Consent to the app
When you use the app for the first time or the required permissions of the app have changed, a dialog will show all delegated permissions that the app requires to work.
You have to grant these permissions in order to get the app working.
You are able to remove these permissions at any time!
Image 1: App consent dialog
If your current user is an administrator you will see the additional checkbox "Consent on behalf of your organization".
Checking this will consent to the app for every user that is part of your organization. In this case the individual users don't have to grant the permissions on their own.
Remove app consent
If you want to remove the app permissions for your current user you can follow these steps:
Navigate to https://myapps.microsoft.com using a browser of your choice
Search for the app SharePoint Connector for Confluence
Remove the app using the context menu
The full guide can be found on the official documentation from Microsoft: Edit or revoke application permissions in the My Apps portal