Lightning Forms Microsoft Graph Permissions

Introduction

Below is a list of the Microsoft Graph permissions requested by the current version of the Lightning Forms Suite (Lightning Forms and Lightning Tools Actions). You may choose not to approve permissions that are not essential to your use case.

All permissions listed are "Delegated" and require approval from either a Global or Application Administrator. Delegated means that requests are made as the current user and are limited by that user's own permissions on the requested resource. Approval can be managed on the API Access page within the SharePoint Admin Center. Once approved, these permissions will appear under the SharePoint Online Web Client Extensibility application in the Entra Admin Center for your tenant.

Permissions List

Directory.Read.All  

Added in version 3.1.0.0
This permission is required if you intend to test whether the current user is a member of an Entra ID (formerly Active Directory) Group using the [@User.IsMemberOfAADGroup] placeholder.

Mail.Send  

Added in version 3.3.0.0
This permission is necessary if you plan to use the updated "Send Email" action in the Action Builder. It allows emails to be sent to any valid email address, internal or external, with either the current user or (with the appropriate mailbox permission) another user as the Sender. 

By contrast, the legacy “Send internal email” action only sends emails to users that exist within the current site collection, using 'no-reply@sharepointonline.com' as the Sender. Technically, this action uses the Utility.SendEmail method. We don't recommend using this legacy action; it's mainly there for backward compatibility.

Mail.ReadWrite  

Added in version 3.6.0.0
This permission enables sending attachments larger than 3 MB when using the "Send Email" action.

Team.ReadBasic.All  

Added in version 3.7.0.0
Required for the new ‘Teams’ Data source option for the Data Lookup control. See Lightning Tools — Cross Site Lookups for more information.

TermStore.ReadWrite.All  

Added in version 3.7.0.0
This permission supports the integrated modern term store picker, if you are using Managed Metadata fields in your forms. Specifically, this permission is required when the ‘Allow users to type new values’ option is set on the Managed Metadata field, to allow the creation of new terms.
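Since permissions that are not essential to your use case can be left unapproved, the following added example (not Lightning Tools code) compares the delegated scopes granted to the approving application with the features you actually use. It assumes the grants are supplied in the shape of a Microsoft Graph `oauth2PermissionGrants` response; the sample data, the placeholder IDs and the function name `audit_grants` are constructed for illustration.

```python
# Scopes from the list above, each mapped to the feature that needs it.
LIGHTNING_FORMS_SCOPES = {
    "Directory.Read.All": "[@User.IsMemberOfAADGroup] placeholder",
    "Mail.Send": '"Send Email" action',
    "Mail.ReadWrite": '"Send Email" attachments larger than 3 MB',
    "Team.ReadBasic.All": "'Teams' data source for the Data Lookup control",
    "TermStore.ReadWrite.All": "new terms typed into a Managed Metadata field",
}

# Constructed sample shaped like a Graph /oauth2PermissionGrants response.
# Every ID is a placeholder, not a value from a real tenant.
SAMPLE_GRANTS = {"value": [
    {"clientId": "SPFX-PRINCIPAL-ID", "consentType": "AllPrincipals",
     "resourceId": "GRAPH-SP-ID",
     "scope": " Directory.Read.All Mail.Send Mail.ReadWrite"
              " TermStore.ReadWrite.All User.ReadBasic.All"},
    {"clientId": "SPFX-PRINCIPAL-ID", "consentType": "AllPrincipals",
     "resourceId": "OTHER-API-SP-ID", "scope": "user_impersonation"},
    {"clientId": "UNRELATED-APP-ID", "consentType": "AllPrincipals",
     "resourceId": "GRAPH-SP-ID", "scope": "Team.ReadBasic.All"},
]}


def audit_grants(grants, client_id, graph_id, in_use):
    """Compare the Graph scopes granted to client_id with the scopes in use.

    in_use: scopes from LIGHTNING_FORMS_SCOPES whose feature the tenant uses.
    """
    in_use, listed = set(in_use), set(LIGHTNING_FORMS_SCOPES)
    if in_use - listed:
        raise ValueError(f"not in the list above: {sorted(in_use - listed)}")
    granted = set()
    for grant in grants.get("value", []):
        # Scope names only mean something per client/resource pair.
        if (grant.get("clientId"), grant.get("resourceId")) == (client_id, graph_id):
            granted |= set((grant.get("scope") or "").split())
    return {
        "unused": sorted((granted & listed) - in_use),  # approved, feature not used
        "missing": sorted(in_use - granted),            # feature used, not approved
        "other": sorted(granted - listed),              # on the principal, not listed
    }


if __name__ == "__main__":
    used = {"Directory.Read.All", "Mail.Send", "Team.ReadBasic.All"}
    report = audit_grants(SAMPLE_GRANTS, "SPFX-PRINCIPAL-ID", "GRAPH-SP-ID", used)
    for kind, scopes in report.items():
        print(f"{kind:8}", ", ".join(scopes) or "-")
```

Scopes reported as `unused` are candidates for removal; scopes under `other` are granted to the same application but are not in the list above.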
