This is a list of the Microsoft Graph permissions requested by the Social Squared SPFx web part for SharePoint Online.
Following is a list of all of the Microsoft Graph permissions requested by the current version of Social Squared (4.4.0.0). You may decide not to approve any for which you do not need the functionality provided by that permission. Note that many of these permissions are necessary for Social Squared to function correctly within Microsoft Teams.
These are all "Delegated" permissions, which a Global or Application Admin can approve on the API Access page in the SharePoint Admin Center. They will then be listed as API Permissions under the SharePoint Online Client Extensibility Web Application Principal application in Azure AD in your tenant. The reason that Social Squared requests Delegated permissions as opposed to Application permissions is that Social Squared is not a registered Azure application, but rather a SharePoint Framework app. As such, it uses the context of the current user (i.e. delegated permissions) for performing requests.
- Group.Read.All (new in v4.0.0.0): Replaces Group.ReadWrite.All in previous Social Squared versions. Used to get M365 Group members for presence indicator (see Presence.Read.All), for M365 Group subscriptions, and for Teams chat notifications.
- Presence.Read.All: Gets user presence after getting the user from the Group.
- User.ReadBasic.All: Gets basic user profile information and photo for profile cards.
- Mail.Send: Send email notifications for subscriptions and moderation. If you are using Social Squared in Teams rather than in SharePoint, then the email notification functionality is less important, as people will see new posts within Teams (but that will require the various Channel and Chat permissions to be granted). There is not a way to disable notifications or subscriptions in Social Squared, but if this permission is not granted, then users will not receive any emails even if they subscribe to a forum or topic, nor will Moderators receive notifications of content requiring their approval. Note that Moderators will see a notification at the top of the Social Squared UI when there is content requiring approval, but they would need to navigate to the page to see this, so notifications are often more convenient.
- OnlineMeetings.ReadWrite: Create/display Teams meetings. This allows Social Squared to create Teams meetings, using the options displayed below a reply post when in Teams. If you do not wish to allow this, you should disable the "Enable Online Meeting in Teams" option in the Social Squared settings panel.
- Calendars.ReadWrite: Read and write calendars in all mailboxes. This allows Social Squared to add a Teams meeting to users' calendars. If you do not wish to allow this, you should disable the "Enable Online Meeting in Teams" option in the Social Squared settings panel.
- Chat.Create: Send a 1:1 chat message in Teams. This is to notify users of new posts in forums/topics to which they have subscribed.
- Chat.ReadWrite: Read your Teams chat messages and send new ones.
- ChannelMember.Read.All: Determine members of the current Teams channel.
- ChannelMessage.Send (new in v4.0.0.0): Replaces Group.ReadWrite.All (in previous Social Squared versions) to allow Social Squared to post a card-like notification in the Posts tab of a Teams channel when a new post is made in Social Squared in that channel. You can disable the "Enable Channel Notifications in Teams" option in the Social Squared settings panel if you do not want this functionality, although if the permission is not granted, then the posts would in any case not be made.
- Files.ReadWrite.All: Access to all OneDrive files the current user can access. This is used to save/access global settings (in v3.9.0.0+) and (in v4.0.0.0+) configuration exports.
Published Mar 23, 2023
Updated Apr 30, 2023 for v4.0.0.0 permission changes
Updated Jan 2025 with more detailed explanations of some permissions