INTRODUCTION

LiveTiles Bots integrates with the Microsoft Graph API out-of-the-box. This provides immediate access to the suite of O365 abilities.
To allow for this, the following list of permission scopes is requested as part of the app registration in a customer tenant. This only happens the first time when authenticating into LiveTiles Bots, and needs to be done by a tenant administrator who can consent on-behalf of the other users in the tenant.

PERMISSION SCOPESĀ 

  1. Calendars.ReadWrite - Allows the app to create, read, update and delete events in user calendars. This is used by the Meetings ability in order to read events from, and create events in the user's calendar.
  2. Calendars.ReadWrite.Shared - Allows the app to create, read, update and delete events in all calendars the user has permissions to access. This includes delegate and shared calendars. This is used by the Meetings ability in order to read events from, and create events in a shared calendar that the user may have access to.
  3. Contacts.ReadWrite - Allows the app to create, read, update, and delete user contacts. Contacts ability.
  4. Contacts.ReadWrite.Shared - Allows the app to create, read, update and delete contacts that the user has permissions to, including the user's own and shared contacts. This is used by the Contacts ability in order to read contact information from the user's contact list.
  5. Files.ReadWrite.All - Allows the app to read, create, update, and delete all files the signed-in user can access. This is used by the Documents, OneDrive & Excel abilities in order to read and update files that the user has access to.
  6. Files.ReadWrite.AppFolder - (Preview) Allows the app to read, create, update, and delete files in the application's folder. This is used by the Documents and OneDrive abilities in order to read files from a folder that a user has access to.
  7. Mail.ReadWrite - Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail. This is used for the Email ability (in development), in order to read emails from the user's mailbox.
  8. Mail.ReadWrite.Shared - Allows the app to create, read, update, and delete mail that the user has permission to access, including the user's own and shared mail. Does not include permission to send mail. This is used for the Email ability (in development), in order to read emails from a shared mailbox that the user may have access to.
  9. Mail.Send - Allows the app to send mail as users in the organization. This is used for the Email ability (in development), in order to send email on behalf of the user.
  10. Mail.Send.Shared - Allows the app to send mail as the signed-in user, including sending on-behalf of others. This is used for the Email ability (in development), in order to send email from a shared mailbox that the user may have access to.
  11. MailboxSettings.ReadWrite - Allows the app to create, read, update, and delete user's mailbox settings. Does not include permission to directly send mail, but allows the app to create rules that can forward or redirect messages. This is used for the Email ability (in development), in order to forward or redirect messages from the user's email.
  12. Notes.ReadWrite.All - Allows the app to read, share, and modify OneNote notebooks that the signed-in user has access to in the organization. This is used for the OneNote ability, in order to read and create notes from OneNote, on behalf of the user.
  13. People.Read - Allows the app to read a scored list of people relevant to the signed-in user. The list can include local contacts, contacts from social networking or your organization's directory, and people from recent communications (such as email and Skype). Contact Profile ability.
  14. Sites.ReadWrite.All - Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. Documents ability.
  15. Tasks.ReadWrite - Allows the app to create, read, update and delete tasks and containers (and tasks in them) that are assigned to or shared with the signed-in user. Planner ability.
  16. Tasks.ReadWrite.Shared - Allows the app to create, read, update, and delete tasks a user has permissions to, including their own and shared tasks. Planner ability.
  17. User.ReadWrite - Allows the app to read the signed-in user's full profile. It also allows the app to update the signed-in user's profile information on their behalf. Accessing profile information for, among others, the welcome message.

Note: The above process of asking for all scopes before authenticating into the Designer is being reworked to only prompt for the required scopes as abilities are added to the bot. This will allow users to only consent to the permission scopes that they need for the abilities they use.

Did this answer your question?