Lightning Conductor Microsoft Graph permissions

This is a list of the Microsoft Graph permissions requested by the Lightning Conductor SPFx web part for SharePoint Online.

The following list covers all of the Microsoft Graph permissions requested by the current version of the Lightning Conductor. You may decline to approve any permission whose functionality you do not need.

These are all "Delegated" permissions, which a Global or Application Admin can approve on the API Access page in the SharePoint Admin Center. They will then be listed as API Permissions under the SharePoint Online Client Extensibility Web Application Principal application in Azure AD in your tenant. If you need additional Graph permissions (beyond those listed below) in order for your Graph query rollup to work, then a Global or Application Admin can manually grant them from the Azure AD portal.

  • Contacts.Read: Read users' contacts, if this is something you wish to query.
  • ExternalItem.Read.All (added in version 6.0.0.0)
  • ExternalConnection.Read.All (added in version 6.0.0.0)
  • Files.Read.All: Retrieve all files the current user can access. This is used when you are aggregating files using a Graph query rather than Object Model or Search. A use case would be displaying OneDrive files (one of the Lightning Conductor's "Quick" configuration options).
  • Directory.Read.All: Read data in your organization's directory, such as users, groups, and apps. This is used for Lightning Conductor Graph queries related to M365 Groups and users, such as Planner plans and tasks, Group memberships, etc.
  • Group.Read.All: List groups, and read their properties and all group memberships on behalf of the current user. Also allows the app to read calendars, conversations, files, and other group content for all groups the current user can access. Some use cases: displaying M365 Group calendar events, displaying Microsoft Teams you are a member of, or any use of the M365 Group data source (on the Data Source tab).
  • Sites.Read.All: Read documents and list items in all site collections that the current user has access to. This is used when you are aggregating SharePoint content using a Graph query rather than Object Model or Search. This permission is required for the optional user profile cards to function properly.
  • Mail.Read: Read email in the current user's mailbox(es). This is used by the Lightning Conductor's "Messages" Quick configuration. This permission is required for the optional user profile cards to function properly.
  • Calendars.Read: Read events in the current user's calendar(s). This is used by the Lightning Conductor's "Outlook Events" Quick configuration.
  • Calendars.Read.Shared (added in version 5.1.0.0): Read events in all calendars that the current user can access, including delegated and shared calendars.
  • Presence.Read.All: Read presence information of all users in your organization. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. This permission is required for the optional user avatars to function properly.
  • People.Read.All: Read all users' relevant (scored) people lists. The list can include local contacts, contacts from social networking or your organization's directory, and people from recent communications (such as email and Skype). Also allows the app to search the entire directory of the signed-in user's organization. This permission is required for the optional user profile cards to function properly.
  • Tasks.ReadWrite: Create, read, update, and delete the current user's tasks and task lists, including any shared with the user. This is required for Planner and To Do task rollups and built-in views that allow editing of tasks.
  • User.Read.All: Read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the current user. This permission is required for the optional user profile cards to function properly.
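
One way to compare what has actually been approved in a tenant with the list above, as an added example that is not code from the Lightning Conductor or its vendor. It assumes the tenant's delegated grants (oauth2PermissionGrant objects) have been exported from Microsoft Graph as JSON; the ids in the sample are constructed placeholders and audit_grants is a hypothetical helper name.

```python
import json

# Scopes listed on this page for the Lightning Conductor web part.
DOCUMENTED = {
    "Contacts.Read", "ExternalItem.Read.All", "ExternalConnection.Read.All",
    "Files.Read.All", "Directory.Read.All", "Group.Read.All", "Sites.Read.All",
    "Mail.Read", "Calendars.Read", "Calendars.Read.Shared", "Presence.Read.All",
    "People.Read.All", "Tasks.ReadWrite", "User.Read.All",
}

# Constructed sample in the shape of Graph oauth2PermissionGrant objects.
# All ids are placeholders, not real object ids.
SAMPLE_GRANTS = json.loads("""[
  {"clientId": "spfx-principal-id", "consentType": "AllPrincipals",
   "resourceId": "graph-sp-id", "scope": "Sites.Read.All Files.Read.All User.Read.All"},
  {"clientId": "spfx-principal-id", "consentType": "AllPrincipals",
   "resourceId": "graph-sp-id", "scope": " Tasks.ReadWrite  Mail.Send"},
  {"clientId": "spfx-principal-id", "consentType": "AllPrincipals",
   "resourceId": "other-api-id", "scope": "user_impersonation"},
  {"clientId": "unrelated-app-id", "consentType": "Principal",
   "resourceId": "graph-sp-id", "scope": "Mail.ReadWrite"}
]""")

def audit_grants(grants, client_id, graph_resource_id, documented=DOCUMENTED):
    """Compare delegated Graph scopes granted to one client with the documented list."""
    granted = set()
    for g in grants:
        # Only grants from the SPFx principal to Microsoft Graph are relevant.
        if g.get("clientId") != client_id or g.get("resourceId") != graph_resource_id:
            continue
        # 'scope' is a space-separated string and may carry stray whitespace.
        granted.update((g.get("scope") or "").split())
    return {
        "granted_documented": sorted(granted & documented),
        # Not on this page's list: granted manually, or requested by another SPFx
        # solution (every SPFx solution in the tenant shares this principal).
        "granted_undocumented": sorted(granted - documented),
        # On the list but not approved: the matching feature will not work.
        "not_granted": sorted(documented - granted),
        # Name-based heuristic for scopes that allow more than reading.
        "write_capable": sorted(s for s in granted if any(k in s for k in ("Write", "Send", "Manage"))),
    }

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_GRANTS, "spfx-principal-id", "graph-sp-id"), indent=2))
```

Entries under granted_undocumented are the ones to trace back to a specific solution or manual grant before the next review.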

 

Published Nov 22, 2022

Updated Mar 27, 2023 (additional permissions for v6.0.0.0)