I want to add Device.Read and Device.Command permissions to Graph Explorer. When I open the permissions and add them I'm told I need admin approval, although these specific permissions do not require approval. I want to add these permissions without taking away existing admin approvals. How do I do this?
Related
I have a specific SharePoint site that I have been asked to integrate my web based application with in a read-only fashion using my backend server.
I currently have an app with Default Directory only (Single tenant) access
which I am modifying Application API permissions to also require Sites.Selected, however this one is requiring that I obtain Admin consent
I have had an absolute atrocious time trying to figure out how to obtain access to my specific site and not grant access to every single site in my tenant
I'm working on a dummy azure account prior to asking my ops team for the real permissions from the real ecosystem, but I dont have a sharepoint site to test on because I dont know how to set it up, the IT department team who manages it is very slow to answer so its difficult to move the ball forward without knowing exactly what I need before asking.
Under "Enterprise Applications" > {My Application Name } > Permissions (left sidebar), i see a big blue button that I read about in some docs, but i'm scared to grant the permissions because it says I give my app access to the default directory which I don't want to do, and it provides nowhere for me to specify my "selected" site
does anyone have more information on how I can grant a specific site to my app?
every article I run to talks about admin confirmation but neglects to tell me specifically how it's done
Default Directory is just a default name for your tenant, and not related to any default collection of sites. See my tenant name v6pz1 in the image
For this Sites.Selected permission, it's a 2-step process for giving your app access to the sites.
The app needs to be given permission to the site at the SharePoint level
The app needs to be granted admin consent to access the sites through the Graph API
You see this described in the MS Graph permissions reference table as well.
Allow the application to access a subset of site collections without a signed in user. The specific site collections and the permissions granted will be configured in SharePoint Online.
To actually grant your app the SharePoint permission to a site, you can use the MS Graph endpoint to create permissions
I am developing an app in Microsoft Teams using the App Studio. Towards the end of the proccess, in the section Domains and Permissions, you are allowed to give resource-specific consent permissions such as File.Read.Group. I was wondering where I would use these permissions (Microsoft Graph, Azure AD Graph, ...) to programmatically access an API. As a side question, does anybody know which permission allows the app to manage group members?
Thank you!
Here is a good read on that permissions settings page, those consent permissions are not actually a part of azure ad app registrations as of this articles writing. so that means while they are sort of graph permissions, you would use them against the graph api. They are for specific teams based resource specific permissions.
https://blog.thoughtstuff.co.uk/2020/01/microsoft-teams-has-a-new-more-granular-and-resource-specific-permissions-model-for-apps-what-is-resource-specific-consent-rsc-and-how-do-i-use-it/
the official documentation on the matter: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent
as per the microsoft link i don't see a resource specific permission to "edit" groups members.
I am an admin on a TFS online project, and I have created a wiki and written some pages in it. However, today I cannot access it to edit these pages nor add sub-pages.
The Security button in Wiki page also has been disappeared. How can I restore permission for my account? So I can edit Wiki pages again.
Ask another admin to set the Wiki security Contribute permission to Allow for your account.
If no other admins in your organization, then you can follow below steps to do that:
Add a team member to Project Collection Administrators group.
(Navigate to https://{account}.visualstudio.com/_settings/security?_a=members)
Login with this account to manage the wiki security permissions for
your account.
After that you can remove the team member from Project Collection Administrators group.
I'm trying to use the graph explorer to access the beta Office 365 usage reports. I can see that these report require the "Reports.Read.All" permission and I'm seeing that the account I'm using doesn't have that permission yet, but when I click on the "Modify your permissions" link it doesn't display this permission. How do you add this permission to an account, so that you can use the graph explorer with this API?
The reports.read.all permission has been added to the Graph Explorer code repository at https://github.com/microsoftgraph/microsoft-graph-explorer/commit/093600ec7bc7bd32befe5d118270ea71ca8008b4 and will be deployed to our website in the next update. We're working on a process to get new scopes added to the explorer automatically so we don't have this delay in the future.
You need to be an administrator to be able to consent to that permission scope
Is it possible to grant access to jira-user with abilty to read all administration area (user, groups, permission scheme), but disable write permissions?
No, but you can have JIRA Administrators (which have less permission than a JIRA System Administrator). More details here.