You are here: Administration > Best Practice Guide > Permissions Required for OnePlaceMail App

Permissions Required to use the OnePlaceMail App

In the initial set up process, some permissions are requested for the OnePlaceMail App.

OnePlaceMail only accesses services in direct response to the user performing an action in the app.

Administrator consent for Microsoft Teams Integration - Microsoft Graph

Permission Why does the app need this?
Read and write all user's full profile
Allows the app to read and write the full set of profile properties, reports and managers of other users in your organization on behalf of the signed-in user. Required to determine which services are enabled within the users Office 365 tenancy (i.e. SharePoint, Teams) 
Read and write all groups
Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Additionally allows group owners to manage their groups and allows group members to update group content. Required to determine Teams the current user is a member of

 

General Use of OnePlaceMail App - Microsoft Graph

Permission Why does the app need this?
Sign in and read your profile
Allows you to sign into the app with your organizational account and let the app read your profile. It also allows the app to read basic company information. Required to authenticate the user
Read all user's basic profiles
Allows the app to read a basic set of profile properties of other users in your organization on your behalf. Includes display name, first and last name, email address and photo Required to show the user profile image in the people picker
Maintain access to data you have given access to
Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions. Required to reliably perform the transfer operation in a backend service rather than on a device
Edit or delete items in all site collections
Allows the app to edit or delete documents and list items in all site collections on your behalf Required to set properties on items in SharePoint
Read and write access to your mailbox settings
Allows the app to read, update, create and delete email in your mailbox. Does not include permission to send mail. Required to access mail properties
Read and write mail you can access
Allows the app to read, update, create and delete mail you have permission to access including your own and shared mail. Does not allow the app to send mail on your behalf. Required to extract an email and attachments in order to save to SharePoint. Also required to set the 'Transferred to SharePoint' category flag once the email has been saved to SharePoint.

 

General Use of OnePlaceMail App - SharePoint

Permission Why does the app need this?
Read and write items and lists in all site collections
Allows the app to read, create, update and delete document libraries and lists in all site collections on your behalf Required to set column properties on SharePoint items and perform check in operations