App Permissions
Note
This top section is only relevant if your installation of Mercury is managed by ID Live. If you manage your own installation manually, please skip down to SharePoint Online Permissions to review the API permissions that are requested.
To keep Mercury up to date on your tenant, a background service updates the App Catalog in your SharePoint Online service. Your Mercury Hubs are also kept up to date automatically, which saves you from manually updating each Mercury App in every site where you have Mercury installed.
This background service uses an Azure Active Directory App with permission to write to your SharePoint Online service. This app requests the following permissions:
Service | Permission Name | Description | Purpose |
---|---|---|---|
Microsoft Graph | Sites.FullControl.All | Have full control of all site collections | Used to retrieve the status of your installation from our central repository |
Microsoft Graph | User.Read | Sign in and read user profile | Used by MyMercury to let you log in (Coming Soon) |
SharePoint | Sites.FullControl.All | Have full control of all site collections | Used to update your App Catalog, and to deploy Mercury to your Hub Sites as registered in our central repository |
SharePoint | Read and write managed metadata | Read and write managed metadata | Used during deployment to initialize Term Sets used by the Mercury Pages Metadata (Fields) |
SharePoint Online Permissions
When Mercury is deployed to your tenant, API permissions need to be granted within the SharePoint Admin Centre, either by a Global Administrator or a user with the Application Administration role assigned in Azure Active Directory.
Each permission needs to be individually approved so that all features provided in Mercury work.
See the table below for descriptions of the permissions requested and how they're used by Mercury.
Note
All permissions granted below are Delegate Permissions: they interact with APIs as the current user, and can only perform tasks that the currently logged-in user has permission to do.
Package Name | API Name | Permission | Purpose |
---|---|---|---|
Modern Mercury Mega Menu | Microsoft Graph | User.ReadBasic.All | Used by various components to render "Rich" basic profile information about users in Favourites "Created By" fields |
Modern Mercury Mega Menu | Microsoft Graph | Mail.ReadWrite | Used by the Mail component to allow users to view their own mailbox contents, and to mark emails as read |
Modern Mercury Mega Menu | Microsoft Graph | Files.Read.All | Used to read Command Bar Configuration from config file stored in SharePoint |
Modern Mercury Mega Menu | Microsoft Graph | Tasks.ReadWrite | Used by the My Tasks component to create & complete Microsoft ToDo Tasks |
Modern Mercury Mega Menu | Microsoft Graph | MailboxSettings.Read | Used by the Events component to read current user's Outlook timezone settings, to render event start times in the correct timezone |
Modern Mercury Web Parts | Microsoft Graph | User.Read.All | Used by various web parts to read user profiles |
Modern Mercury Web Parts | Microsoft Graph | Presence.Read.All | Used by the Meet the Team web part to retrieve other users' presence |
Modern Mercury Web Parts | Microsoft Graph | Calendars.Read | Used by Calendar & My Teams Web Part to read calendar items |
Modern Mercury Web Parts | Microsoft Graph | User.ReadWrite.All | Used to update the current user's user profile |
Modern Mercury Web Parts | Microsoft Graph | Group.Read.All | Used by My Teams web part to read which Teams the user is a member of |
Modern Mercury Web Parts | Microsoft Graph | Files.ReadWrite.All | Used by various web parts to store centralized settings for web parts in the current site |
Modern Mercury Web Parts | Microsoft Graph | Sites.ReadWrite.All | Used by various web parts to store centralized settings stored in another hub |
Modern Mercury Web Parts | Microsoft Graph | People.Read | Used by Meet the Team & People Search to search for & display user information |
Modern Mercury Web Parts | Microsoft Graph | Team.ReadBasic.All | Used by Channel Feed web part to list teams & channels to allow selection of a channel |
Modern Mercury Web Parts | Microsoft Graph | Channel.ReadBasic.All | Used by Channel Feed web part to read the basic information about a Channel |
Modern Mercury Web Parts | Microsoft Graph | ChannelMessage.Read.All | Used by Channel Feed web part to list messages in a channel |
Modern Mercury Wizard | Microsoft Graph | People.Read | Used by Meet the Team & People Search to search for & display user information |
docCentrum Web Parts | DocCentrum API | user_impersonation | Allows interaction with the docCentrum service as the current user |
docCentrum Web Parts | Windows Azure Active Directory | User.Read | Allows the docCentrum service to read the current user's details (such as display name, email) |
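Because each permission is approved individually, it is worth checking the approved grants against the table above after deployment and after each update. The following is an added example, not part of Mercury or its documentation: it compares an export of Microsoft Graph `oauth2PermissionGrant` objects with the documented scopes. It assumes the export is already filtered to the client principal that holds the approvals made in the SharePoint Admin Centre; `resourceName` and the sample grants are constructed for illustration.

```python
import json

# Delegated scopes documented in the table above, keyed by API name.
DOCUMENTED = {
    "Microsoft Graph": {
        "User.ReadBasic.All", "Mail.ReadWrite", "Files.Read.All", "Tasks.ReadWrite",
        "MailboxSettings.Read", "User.Read.All", "Presence.Read.All", "Calendars.Read",
        "User.ReadWrite.All", "Group.Read.All", "Files.ReadWrite.All",
        "Sites.ReadWrite.All", "People.Read", "Team.ReadBasic.All",
        "Channel.ReadBasic.All", "ChannelMessage.Read.All",
    },
    "DocCentrum API": {"user_impersonation"},
    "Windows Azure Active Directory": {"User.Read"},
}

# Constructed sample in the shape of oauth2PermissionGrant objects, whose
# "scope" is a space-separated string. "resourceName" is a hypothetical field
# standing in for the display name resolved from the grant's resourceId.
SAMPLE_GRANTS = json.loads("""[
  {"resourceName": "Microsoft Graph",
   "scope": "User.ReadBasic.All Mail.ReadWrite Files.Read.All Directory.ReadWrite.All"},
  {"resourceName": "Microsoft Graph", "scope": " Calendars.Read  People.Read"},
  {"resourceName": "Microsoft Graph", "scope": "Mail.Send"},
  {"resourceName": "Windows Azure Active Directory", "scope": "User.Read"}
]""")

def audit_grants(grants, documented=DOCUMENTED):
    """Return (undocumented, pending): scopes granted but absent from the
    table, and documented scopes that have not been approved yet."""
    granted = {}
    for g in grants:
        # split() tolerates the leading and repeated spaces seen in scope strings
        granted.setdefault(g["resourceName"], set()).update(g["scope"].split())
    undocumented, pending = {}, {}
    for api in set(granted) | set(documented):
        have, want = granted.get(api, set()), documented.get(api, set())
        if have - want:
            undocumented[api] = sorted(have - want)
        if want - have:
            pending[api] = sorted(want - have)
    return undocumented, pending

if __name__ == "__main__":
    extra, missing = audit_grants(SAMPLE_GRANTS)
    print("Granted but not documented:", extra)
    print("Documented but not yet approved:", missing)
```

Scopes reported as granted but not documented belong to other packages or to drift and should be traced to the request that introduced them; scopes reported as pending explain features that do not yet work.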