App Permissions
This page describes the various Microsoft Graph and SharePoint API permissions that are used by Mercury components.
Mercury Intranet Deployment Service Principal
In order for Mercury to be kept up to date on your tenant, a background service is used to update the App Catalog in your SharePoint Online service.
This background service uses an Entra ID Service Principal with permission to write to your SharePoint Online service. This app requests the following permissions:
Admin Consent
Service | Permission Name | Description | Purpose |
Microsoft Graph | Sites.FullControl.All | Have full control of all site collections | Used to retrieve the status of your installation from our central repository |
Microsoft Graph | User.Read | Sign in and read user profile | Used by MyMercury to let you log in |
Microsoft Graph | Application.Read.All | Read all applications | Used by MyMercury to check if Admin Consent has been granted to licenced products |
SharePoint | Sites.FullControl.All | Have full control of all site collections | Used to update your App Catalog, and to deploy Mercury to your Hub Sites as registered in our central repository |
SharePoint | Read and write managed metadata | Read and write managed metadata | Used during deployment to initialize Term Sets used by the Mercury Pages Metadata (Fields) |
Mercury Component Permissions
This table describes the permissions each component requires and why.
Note
All components use the User.Read permission to allow sign-in to the required APIs.
Note
All of the permissions below are delegated permissions, so each component interacts with APIs as the logged-in user. Therefore, a permission may say Files.ReadWrite.All, but the app will only be able to interact with files that the user has access to.
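Because the component permissions are delegated, each consent is stored in Entra ID as an oauth2PermissionGrant that can be compared with the tables on this page. The following is an added example, not Mercury's own code: it audits a constructed export of grants against the Mercury Command Bar scopes listed on this page; the IDs, the sample grants and the function name are assumptions.

```python
import json

# Delegated Graph scopes this page documents for Mercury Command Bar
# (User.Read applies to every component, per the note above).
DOCUMENTED_SCOPES = {
    "User.Read", "Files.ReadWrite.All", "Calendars.ReadBasic",
    "Mail.ReadWrite", "MailboxSettings.Read", "Tasks.ReadWrite",
}

# Constructed sample shaped like the "value" array returned by
# GET /v1.0/oauth2PermissionGrants; every ID is a placeholder.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "CLIENT-SP-PLACEHOLDER", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "GRAPH-SP-PLACEHOLDER",
   "scope": "User.Read Files.ReadWrite.All Calendars.ReadBasic Mail.ReadWrite Mail.Send"},
  {"clientId": "CLIENT-SP-PLACEHOLDER", "consentType": "Principal",
   "principalId": "USER-PLACEHOLDER", "resourceId": "GRAPH-SP-PLACEHOLDER",
   "scope": "Tasks.ReadWrite"},
  {"clientId": "OTHER-APP-PLACEHOLDER", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "GRAPH-SP-PLACEHOLDER",
   "scope": "Directory.ReadWrite.All"}
]
""")


def audit_delegated_grants(grants, client_id, resource_id, documented):
    """Compare one client's delegated grants on one API with a documented scope list."""
    tenant_wide, per_user = set(), set()
    for g in grants:
        if g["clientId"] != client_id or g["resourceId"] != resource_id:
            continue  # a different app, or a different API (e.g. SharePoint)
        scopes = set((g.get("scope") or "").split())
        # AllPrincipals = admin consent for every user; Principal = one user only
        (tenant_wide if g["consentType"] == "AllPrincipals" else per_user).update(scopes)
    granted = tenant_wide | per_user
    return {
        "undocumented": sorted(granted - documented),  # granted but not in the table
        "not_granted": sorted(documented - granted),   # in the table, never consented
        "per_user_only": sorted((per_user - tenant_wide) & documented),
    }


if __name__ == "__main__":
    report = audit_delegated_grants(
        SAMPLE_GRANTS, "CLIENT-SP-PLACEHOLDER", "GRAPH-SP-PLACEHOLDER", DOCUMENTED_SCOPES)
    for finding, scopes in report.items():
        print(f"{finding}: {', '.join(scopes) or '-'}")
```

Application permissions held by the deployment service principal are stored as app role assignments rather than oauth2PermissionGrant objects, so they need a separate check.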
Mercury Accordion
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
GroupMember.Read.All | To enable Audience Targeting |
Mercury Anniversaries
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Directory.Read.All | Read directory information for hire dates (as a work anniversary) |
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Group.Read.All | To support Audience Targeting |
Directory.Read.All | To support Audience Targeting |
Mercury Calendar
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Mercury Carousel
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Mercury Command Bar
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Command Bar Configuration to JSON files in sites |
Calendars.ReadBasic | To show upcoming events |
Mail.ReadWrite | To allow users to view inbox & mark items as read |
MailboxSettings.Read | To get user's date/time preferences to display mail & event items in correct timezones and format |
Tasks.ReadWrite | To allow task management from the Command Bar |
Mercury Flexi Tiles
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
GroupMember.Read.All | To enable Audience Targeting |
Mercury Hero Tiles
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Sites.Read.All | To get information about the site containing the items in tiles (Title, theme, URL, etc) |
Mercury Info Tiles
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
GroupMember.Read.All | To enable Audience Targeting |
Mercury Meet the Team
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
GroupMember.Read.All | To allow showing the members of a specified group |
People.Read.All | To allow searching for all users |
Presence.Read.All | To display the current presence status of all selected users in the web part |
User.ReadBasic.All | To fetch basic profile information on all selected users in the web part |
Mercury My Teams
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Channel.ReadBasic.All | To get basic information about Team channels a user is a member of |
ChannelMessage.Read.All | To be able to retrieve messages in a selected channel that a user is a member of |
Directory.Read.All | To fetch all channels the user is a member of |
Group.Read.All | To allow searching channels created as Microsoft 365 Groups |
GroupMember.Read.All | To allow listing who is the member of a Team Channel |
Team.ReadBasic.All | To fetch & display the basic information of a Team that the user is a member of |
TeamsTab.Read.All | To fetch the tabs of a Team that the user is a member of |
User.Read.All | To view profile information on members of a Team |
Mercury People Finder
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Directory.Read.All | To assist in searching for users |
GroupMember.Read.All | |
Presence.Read.All | To display the presence information on returned users |
Schedule.Read.All | To display the availability of returned users |
User.Read.All | To display profile information on returned users |
Mercury Quick Search
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Mercury Service Updates
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Mercury Teams Channel Feed
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
Channel.ReadBasic.All | To get basic information about Team channels a user is a member of |
ChannelMessage.Read.All | To be able to retrieve messages in a selected channel that a user is a member of |
Directory.Read.All | To fetch all channels the user is a member of |
Group.Read.All | To allow searching channels created as Microsoft 365 Groups |
GroupMember.Read.All | To allow listing who is the member of a Team Channel |
Presence.Read.All | To display the presence information on returned users |
Team.ReadBasic.All | To fetch & display the basic information of a Team that the user is a member of |
TeamsTab.Read.All | To fetch the tabs of a Team that the user is a member of |
User.ReadBasic.All | To view profile information on members of a Team |
Mercury Timeline
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |
User.ReadBasic.All | To view profile information on the author of an item in the Timeline |
Mercury Tips
Admin Consent
Permission | Purpose |
Files.ReadWrite.All | Import and Export of Web Part settings to JSON files in sites & user's OneDrive |