The Office365 calendar and online meeting integrations make use of the following permission types and scopes.
There are two types of scope: delegated and application.
Delegated permissions grant the app access as that user, within the confines of the scopes requested. In Eploy, delegated permission is granted through the UI on the External Calendar Settings popup from the scheduler.
Application permissions grant tenant-wide access to the scope requested. For this reason they can only be granted by an admin. Application permissions can be limited afterwards to certain users within the tenant. See the calendar security and online meeting security sections above for how to do this. In Eploy, application permission is granted through the corporate calendar sharing section in user security settings.
Scope | Type | Description | Justification |
Calendars.Read | delegated | read users' calendars | To show user events in the scheduler. This is called on each load of the scheduler to overlay external events, and to show more detailed event information when viewing the action popup for an external Office event |
Calendars.Read | application | read calendars in all mailboxes | To show user events in the scheduler. This is called on each load of the scheduler to overlay external events, and to show more detailed event information when viewing the action popup for an external Office event |
Chat.Read | delegated | read user chat messages | To get the recording URL of recorded meetings. Eploy checks if an action has an end time in the past and the setting to show recorded meeting URLs is true, then attempts to retrieve the URL. If it exists, Eploy displays it on the action. |
Chat.Read.All | application | read all chat messages | To get the recording URL of recorded meetings. Eploy checks if an action has ended recently and the setting to show recorded meeting URLs is true, then attempts to retrieve the URL. If it exists, Eploy displays it on the action. |
OnlineMeetings.ReadWrite | delegated | read and create user’s online meetings | To create and delete online meetings for the user on the edit action page. |
OnlineMeetings.ReadWrite.All | application | read and create user’s online meetings | To create and delete online meetings for users on the edit action page. Requires the object ID, which is retrieved using the application User.Read.All scope, to identify the user the online meeting is being created for |
User.ReadBasic.All | delegated | read all users' basic profiles | To check if the user is active and whether the create Team meeting button should be displayed |
User.Read.All | application | read all users' full profiles | To check if the user is active and whether the create Team meeting button should be displayed. To get the object ID of a user, which is required in the create online meeting endpoint to identify the user creating the meeting |
offline_access | delegated | to maintain access to data you have given it access to | Required for delegated access generally. Allows Eploy to receive refresh tokens so it can get new access tokens as older ones expire and call the Office API without the user signing in every time |
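To check that a token issued for the integration carries no more than the scopes in the table, the sketch below (an added example, not Eploy's code) reads the `scp` claim of a delegated token or the `roles` claim of an application token and compares it with the documented set. The function names, the sample token and the decision to skip the OpenID Connect sign-in scopes are assumptions of this example; the signature is not verified, so use it for auditing only.

```python
import base64
import json

# Scopes from the table above, keyed by permission type.
DOCUMENTED = {
    "delegated": {"Calendars.Read", "Chat.Read", "OnlineMeetings.ReadWrite",
                  "User.ReadBasic.All", "offline_access"},
    "application": {"Calendars.Read", "Chat.Read.All",
                    "OnlineMeetings.ReadWrite.All", "User.Read.All"},
}
# OpenID Connect sign-in scopes grant no Graph resource permission,
# so the audit skips them in both directions (assumption of this example).
OIDC = {"openid", "profile", "email", "offline_access"}

def jwt_claims(token):
    """Decode the payload segment of a JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-segment JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def audit(claims):
    """Return the token type plus scopes beyond, or short of, the table."""
    if "scp" in claims:        # delegated token: space-separated string
        kind, granted = "delegated", set(claims["scp"].split())
    elif "roles" in claims:    # application token: list of app roles
        kind, granted = "application", set(claims["roles"])
    else:
        raise ValueError("token has neither scp nor roles claim")
    expected = DOCUMENTED[kind]
    return {
        "type": kind,
        "unexpected": sorted(granted - expected - OIDC),
        "not_granted": sorted(expected - granted - OIDC),
    }

def sample_token(claims):
    """Build an unsigned JWT-shaped string from constructed claims (test data)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    # Constructed sample: a delegated token with one scope beyond the table.
    tok = sample_token({"scp": "Calendars.Read Chat.Read Mail.ReadWrite openid"})
    print(audit(jwt_claims(tok)))
```

Any entry under `unexpected` is a permission the integration was granted but that the table does not justify, and is the one to review first.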