Narrowing down external app credentials to a tenant

Hi all,

I recently learned that to restrict an external app credential’s access to a specific folder, the external application must first be defined at the administration level without any assigned scope. Once defined, it can then be assigned directly to a folder, granting it access only to that location. And now I can easily achieve this.

However, I’m encountering issues when trying to grant the external app access at the tenant level—specifically, allowing it to access all folders without assigning it to each one individually.

Although I’ve assigned the developer access group (which has access to all folders) to the external app, the credentials still cannot access the folders. I also tested by granting the app admin-level permissions, but that didn’t resolve the issue either.

Attached are the tenant-level permissions currently configured for the app. I’d appreciate any insights or suggestions you might have on this.

The image depicts an access permissions management interface for an external application, displaying roles and their associated access privileges categorized by actions such as view, edit, create, and delete. (Captioned by AI)1388×1417 64.4 KB

Hi @Giraldo_Juan_P

In my view, it works the same way as normal user accounts.

Lets take an example to understand better,

if Sonali Aggarwal account is added at tenant level and even though she is an admin, unless she is added to a folder, she cannot see/access contents of that folder.

So in my view, it works the same way for external app.

Only providing Tenant level permissions are helpful for other type of settings(non-folder level) like accessing monitoring tab for example, of managing access tab and few other stuff that can be handled at tenant level.

Hope this helps.

Regards
Sonali

Yes, it does thank you @sonaliaggarwal47

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.