Forklaring omkring rettigheder
Når der tildeles rettigheder til applikationer i Microsoft Cloud-platformen, så kan det gøres med enten delegated permissions eller application permissions. I det følgende beskrives den anvendte rettighedsmodel for Evobis Management Shell samt baggrunden for denne.
Evobis Management Shell bygger udelukkende på delegated permissions, hvilket i praksis betyder, at du ikke giver flere rettigheder end den aktuelle brugers konto i forvejen har, som ellers kan være tilfældet ved brug af application permissions.
Groft sagt kan man sige, at der ved delegated permissions blot åbnes op for, at vi kan automatisere og scripte med udgangspunkt i brugerens eksisterende adgange.
Selvom listen over nødvendige adgange til Evobis Management Shell ved første øjekast kan se voldsom ud, så åbnes der altså ikke op for noget, som brugeren ikke allerede har adgang til. Vi giver med andre ord blot mulighed for at applikationen kan arbejde automatiseret med de angivne data, men kun hvis brugeren selv har rettighederne i forvejen. Dette muliggør en mere effektiv arbejdsgang.
Herunder finder du en fuld oversigt over de API-adgange som Evobis Management Shell anvender.
|
Scope |
Resource |
Description |
|
AuditLog.Read.All |
Microsoft Graph |
Read audit log data |
|
Bookings.Read.All |
Microsoft Graph |
Read bookings information |
|
Calendars.Read |
Microsoft Graph |
Read user calendars |
|
ChannelMember.ReadWrite.All |
Microsoft Graph |
Add and remove members from channels |
|
ChannelMessage.Read.All |
Microsoft Graph |
Read user channel messages |
|
ChannelMessage.ReadWrite |
Microsoft Graph |
Read and write user channel messages |
|
ChannelMessage.Send |
Microsoft Graph |
Send channel messages |
|
ChannelSettings.ReadWrite.All |
Microsoft Graph |
Read and write the names, descriptions, and settings of channels |
|
Chat.Read |
Microsoft Graph |
Read user chat messages |
|
Chat.ReadWrite |
Microsoft Graph |
Read and write user chat messages |
|
Directory.AccessAsUser.All |
Microsoft Graph |
Access directory as the signed in user |
|
Directory.ReadWrite.All |
Microsoft Graph |
Read and write directory data |
|
ExternalConnection.ReadWrite.All |
Microsoft Graph |
Read and write all external connections |
|
ExternalItem.Read.All |
Microsoft Graph |
Read items in external datasets |
|
Group.ReadWrite.All |
Microsoft Graph |
Read and write all groups |
|
IdentityProvider.ReadWrite.All |
Microsoft Graph |
Read and write identity providers |
|
InformationProtectionPolicy.Read |
Microsoft Graph |
Read user sensitivity labels and label policies. |
|
Mail.Read.Shared |
Microsoft Graph |
Read user and shared mail |
|
Mail.ReadWrite |
Microsoft Graph |
Read and write access to user mail |
|
Mail.Send |
Microsoft Graph |
Send mail as a user |
|
Notes.Read.All |
Microsoft Graph |
Read all OneNote notebooks that user can access |
|
Notes.ReadWrite.All |
Microsoft Graph |
Read and write all OneNote notebooks that user can access |
|
OnlineMeetingArtifact.Read.All |
Microsoft Graph |
Read user's online meeting artifacts |
|
OnlineMeetings.ReadWrite |
Microsoft Graph |
Read and create user's online meetings |
|
OnlineMeetingTranscript.Read.All |
Microsoft Graph |
Read all transcripts of online meetings. |
|
PeopleSettings.ReadWrite.All |
Microsoft Graph |
Read and write tenant-wide people settings |
|
Place.Read.All |
Microsoft Graph |
Read all company places |
|
Policy.Read.All |
Microsoft Graph |
Read your organization's policies |
|
RecordsManagement.ReadWrite.All |
Microsoft Graph |
Read and write Records Management configuration, labels, and policies |
|
Reports.Read.All |
Microsoft Graph |
Read all usage reports |
|
RoleAssignmentSchedule.ReadWrite.Directory |
Microsoft Graph |
Read, update, and delete all active role assignments for your company's directory |
|
RoleEligibilitySchedule.Read.Directory |
Microsoft Graph |
Read all eligible role assignments for your company's directory |
|
SecurityEvents.Read.All |
Microsoft Graph |
Read your organization’s security events |
|
ServiceHealth.Read.All |
Microsoft Graph |
Read service health |
|
ServiceMessage.Read.All |
Microsoft Graph |
Read service announcement messages |
|
ServiceMessageViewpoint.Write |
Microsoft Graph |
Update user status on service announcement messages |
|
Sites.Read.All |
Microsoft Graph |
Read items in all site collections |
|
Tasks.ReadWrite |
Microsoft Graph |
Create, read, update, and delete user’s tasks and task lists |
|
TeamMember.ReadWrite.All |
Microsoft Graph |
Add and remove members from teams |
|
TeamSettings.ReadWrite.All |
Microsoft Graph |
Read and change teams' settings |
|
TeamsTab.ReadWrite.All |
Microsoft Graph |
Read and write tabs in Microsoft Teams. |
|
User.Invite.All |
Microsoft Graph |
Invite guest users to the organization |
|
ActivityFeed.Read |
Office 365 Management APIs |
Read activity data for your organization |
|
ServiceHealth.Read |
Office 365 Management APIs |
Read service health information for your organization |
|
User |
Power Automate |
Access Microsoft Flow as signed in user |
|
Dataset.Read.All |
Power BI Service |
View all datasets |
|
AllSites.FullControl |
SharePoint |
Have full control of all site collections |
|
TermStore.ReadWrite.All |
SharePoint |
Read and write managed metadata |
|
User.ReadWrite.All |
SharePoint |
Read and write user profiles |