Introduction
Below is a list of the Microsoft Graph permissions requested by the current version of the Lightning Forms Suite (Lightning Forms and Lightning Tools Actions). You may choose not to approve permissions that are not essential to your use case.
All permissions listed are "Delegated" and require approval from either a Global or Application Administrator. Delegated means that requests are made as the current user and are limited by that user's own permissions on the requested resource. Approval can be managed on the API Access page within the SharePoint Admin Center. Once approved, these permissions will appear under the SharePoint Online Web Client Extensibility application in the Entra Admin Center for your tenant.
Permissions List
Directory.Read.All
Added in version 3.1.0.0
This permission is required if you intend to test whether the current user is a member of an Entra ID (formerly Active Directory) Group using the [@User.IsMemberOfAADGroup] placeholder.
Mail.Send
Added in version 3.3.0.0
This permission is necessary if you plan to use the updated "Send Email" action in the Action Builder. It allows emails to be sent to any valid email address, internal or external, with either the current user or (with the appropriate mailbox permission) another user as the Sender.
This contrasts with the legacy “Send internal email” action, which only sends emails to users that exist within the current site collection and uses 'no-reply@sharepointonline.com' as the Sender. Technically, the legacy action uses the Utility.SendEmail method. We don't recommend using this legacy action; it's mainly there for backward compatibility.
Mail.ReadWrite
Added in version 3.6.0.0
This permission enables sending attachments larger than 3 MB when using the "Send Email" action.
Team.ReadBasic.All
Added in version 3.7.0.0
Required for the new ‘Teams’ Data source option for the Data Lookup control. See Lightning Tools — Cross Site Lookups for more information.
TermStore.ReadWrite.All
Added in version 3.7.0.0
This permission supports the integrated modern term store picker, if you are using Managed Metadata fields in your forms. Specifically, this permission is required when the ‘Allow users to type new values’ option is set on the Managed Metadata field, to allow the creation of new terms.
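An added example, not part of the Lightning Forms documentation: a Python check that compares the delegated Graph scopes granted to the SharePoint Online Web Client Extensibility principal with the features from the list above that you actually use, so that unneeded approvals stand out. The grant data is a constructed sample in the shape returned by Microsoft Graph's oauth2PermissionGrants endpoint; the ids, feature labels and function names are assumptions.

```python
import json

# Feature -> delegated Graph scope, as listed on this page (feature labels are this example's own).
FEATURE_SCOPES = {
    "IsMemberOfAADGroup placeholder": "Directory.Read.All",
    "Send Email action": "Mail.Send",
    "Send Email attachments over 3 MB": "Mail.ReadWrite",
    "Teams data source": "Team.ReadBasic.All",
    "Term picker: type new values": "TermStore.ReadWrite.All",
}

# Constructed sample of an oauth2PermissionGrants response; every id is a placeholder.
CLIENT_ID = "spo-client-extensibility-object-id"  # hypothetical service principal object id
GRAPH_SP_ID = "microsoft-graph-sp-object-id"      # hypothetical Graph service principal object id
SAMPLE_GRANTS = json.dumps({"value": [
    {"clientId": CLIENT_ID, "consentType": "AllPrincipals", "resourceId": GRAPH_SP_ID,
     "scope": " Directory.Read.All Mail.Send TermStore.ReadWrite.All Sites.Read.All"},
    {"clientId": CLIENT_ID, "consentType": "AllPrincipals",
     "resourceId": "other-api-sp-object-id", "scope": "user_impersonation"},
]})


def granted_graph_scopes(grants_json, client_id, graph_sp_id):
    """Union of delegated scopes granted to client_id on Microsoft Graph."""
    scopes = set()
    for grant in json.loads(grants_json).get("value", []):
        if grant.get("clientId") == client_id and grant.get("resourceId") == graph_sp_id:
            # 'scope' is a space-separated string and may carry leading whitespace.
            scopes.update((grant.get("scope") or "").split())
    return scopes


def review(granted, features_in_use):
    """Compare granted scopes with what the features in use require."""
    needed = {FEATURE_SCOPES[f] for f in features_in_use}
    listed = set(FEATURE_SCOPES.values())
    return {
        "missing": sorted(needed - granted),                 # feature will fail until approved
        "not_needed": sorted((granted & listed) - needed),   # candidates for removal
        "not_on_this_list": sorted(granted - listed),        # granted, but not in this page's list
    }


if __name__ == "__main__":
    granted = granted_graph_scopes(SAMPLE_GRANTS, CLIENT_ID, GRAPH_SP_ID)
    for bucket, scopes in review(granted, ["Send Email action", "Teams data source"]).items():
        print(f"{bucket}: {', '.join(scopes) or '-'}")
```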