Hi all,
we are currently trying to get API connections to our M365 accounts. Our company has strict security rules and we need to apply for these connections. We need to list all necessary permissions and about that I’m not sure.
The required and optional permissions (for delegated permissions) are listed in Integration service, which was very helpful already. So I added most of them to our list.
I’m not sure about the remaining ones, however:
- Group.Read.All
- Group.ReadWrite.All
Those two require Admin Consent (whatever that means).
Our robots (with their individual M365 accounts) access files and folders which have been directly assigned to them by the owners, with access permissions to only those files/folders, not their parents (for the most part).
The URLs look like this:
I edited the URLs in this list to look like root-level URLs; they originally would look like that:

(I don’t know if that makes any difference in our application?)
Most say “teams”, few say “sites” - I don’t understand the difference really…
So here the questions:
- If the robots had access on root level, would it say “sites” instead of “teams”?
- If “teams” refers to Groups, do we need Group.Read permissions to handle files or will Files.Read and Sites.Read be enough?
- Additionally, I found this info here in the forum: 365 SharePoint - #15 by Anil_G - would we require access rights on a much higher level in general then? I thought the purpose of delegated permissions was that it acts within the user’s granted access rights.
(Additional, maybe helpful, background info: we are blocked from using OneDrive synchronization in our company, so we cannot just access the files through synched OneDrive folders.)
Thank you for your help. This topic is really confusing for me, as I don’t have any IT background and all this stuff is twisting my brain…

