US English (US)
FR French
DE German
ES Spanish

Support Home DeliverPoint Online DeliverPoint Installation and General Information

Table of Contents

Introduction Permissions list AuditLogsQuery.Read.All ChannelSettings.Read.All Directory.Read.All Directory.ReadWrite.All Files.Read.All Files.ReadWrite.All InformationProtectionPolicy.Read Mail.Read Mail.Send People.Read.All Presence.Read.All Sites.Read.All User.Read.All

DeliverPoint Microsoft Graph permissions

Graph API permissions requested by DeliverPoint for SharePoint Online

Table of Contents

Introduction Permissions list AuditLogsQuery.Read.All ChannelSettings.Read.All Directory.Read.All Directory.ReadWrite.All Files.Read.All Files.ReadWrite.All InformationProtectionPolicy.Read Mail.Read Mail.Send People.Read.All Presence.Read.All Sites.Read.All User.Read.All

Introduction

Following is a list of all of the Microsoft Graph permissions requested by the current version of DeliverPoint for SharePoint Online. You may decide not to approve any for which you do not need the functionality provided by that permission.

These are all "Delegated" permissions, which a Global or Application Admin can approve on the API Access page in the SharePoint Admin Center. They will then be listed as API Permissions under the SharePoint Online Web Client Extensibility application in Entra in your tenant. 

Permissions list

AuditLogsQuery.Read.All 

Added in version 5.0.0.0

Allows DeliverPoint to produce audit reports. As of this writing, this is a beta endpoint, and must be approved via PowerShell rather than from the API Access page in the SharePoint Admin Center. See instructions at Lightning Tools — How to approve the AuditLogsQuery.Read.All Graph API permission

ChannelSettings.Read.All 

Needed for retrieving team channels (needed by the "Teams view" mode of the tree view)  

Directory.Read.All 

Read information from AD: list of users, AD groups, and members of AD groups. Necessary for reporting and also for retrieving data prior to starting permission management operations. This is a basic permission that should always be granted for DeliverPoint to function properly.

Directory.ReadWrite.All 

Necessary for DeliverPoint operations that require modification of M365 groups (i.e. adding/removing members to/from a M365 group).

Files.Read.All 

Needed for OneDrive reporting - both the OneDrive Permissions and OneDrive Sharing Links reports.

Files.ReadWrite.All 

Only needed if you want the option to remove OneDrive permissions or sharing links from within those reports.

InformationProtectionPolicy.Read 

Added in version 4.2.0.0 

Allows DeliverPoint to report on Sensitivity Labels.

Mail.Read 

Necessary for full functionality of user avatars and profile cards.

Mail.Send 

Added in version 4.1.0.0 

Allows sending an email to users who are granted permission to an object.

People.Read.All 

Necessary for full functionality of user avatars and profile cards.

Presence.Read.All 

Necessary for full functionality of user avatars and profile cards.

Sites.Read.All 

Used for site-related usage in the Discover Usage and Permission Summary reports. Necessary for full functionality of user profile cards.

User.Read.All 

Necessary for full functionality of user avatars and profile cards.

Was this article helpful?

Related Articles:

Can’t find what you’re looking for?

Our world-class Customer Success team is here for you.

Contact Support