# O365 Permissions

Inforiver must obtain a set of permissions through the Azure AD App to function properly. The following are the required and optional permissions requested, with details on how and which feature will use them.

## Required permissions

### 1. Microsoft Graph

<table><thead><tr><th width="200">Permission</th><th>Description</th><th>Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>profile</td><td>Retrieves user profile information.</td><td>User</td><td>Get profile information with Full Name, Display Name, Email, Company Name.</td></tr><tr><td>email</td><td>Access to user email addresses.</td><td>User</td><td>Access user profile Information, Authentication.</td></tr><tr><td>openid</td><td>Enables OpenID Connect authentication.</td><td>Authentication</td><td>Authenticate your user.</td></tr><tr><td>User.Read</td><td>Signs in and reads user profile</td><td>User</td><td>Sign in and read user profile.</td></tr><tr><td>User.ReadBasic.All</td><td>Reads all users' basic profile information.</td><td>User</td><td>Get all users' profile information with Full Name, Display Name, Email, Company Name.</td></tr><tr><td>Group.Read.All</td><td>Reads all groups' information. Requires admin consent.</td><td>User, Groups and ACL</td><td>Authenticate from O365 Group and authorize user for different actions via Groups.</td></tr><tr><td>GroupMember.Read.All</td><td>Reads Group Membership Details. Requires admin consent.</td><td>Groups</td><td>Disintegrate groups into its members to get the list of members from the group.</td></tr></tbody></table>

### 2. Power BI service

<table data-full-width="false"><thead><tr><th width="199">Permission</th><th>Description</th><th width="187">Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>Dataset.Read.All</td><td>Read access to all Power BI datasets.</td><td>Data Lineage and Subscription</td><td>Create semantic model-based dropdown lists, fetch primary key column values when using key column mapping feature in writeback, refresh dataset function in semantic model-based dropdown lists and subscriptions.</td></tr><tr><td>Report.Read.All</td><td>Read access to all Power BI Reports.</td><td>Data Lineage and Subscription</td><td>Get more information about the report in which the Inforiver visual is used.</td></tr><tr><td>Workspace.Read.All</td><td>Read access to all Power BI workspaces.</td><td>Data Lineage and Subscription</td><td>Get more information about the workspace in which the Inforiver visual is used.</td></tr><tr><td>App.Read.All</td><td>View all Power BI apps the user has access to.</td><td>Subscription</td><td>Access Power BI apps that may contain reports or dashboards to schedule them for subscription.</td></tr><tr><td>Dashboard.Read.All</td><td>View all dashboards in the organization.</td><td>Subscription</td><td>Access dashboard reports that can be scheduled for subscription.</td></tr></tbody></table>

## Optional permissions

### 1. Microsoft Graph

<table><thead><tr><th width="197">Permission</th><th>Description</th><th width="178">Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>Files.ReadWrite.All</td><td>Access to all files the user can access in OneDrive.</td><td>Writeback and Subscription</td><td>Writeback and export the report from Subscription to OneDrive folder.</td></tr><tr><td>Sites.ReadWrite.All</td><td>Access to SharePoint sites. Edit or delete items in all site collections.</td><td>Writeback and Subscription</td><td>Writeback and export the report from Subscription to SharePoint folder.</td></tr><tr><td>Channel.ReadBasic.All</td><td>Reads the names and descriptions of Teams channels the user has access to.</td><td>Subscription</td><td>To track available Teams channels while scheduling subscriptions.</td></tr><tr><td>Teams.ReadBasic.All</td><td>Read basic information about all Microsoft Teams in an organization.</td><td>Subscription</td><td>To track available Teams while scheduling subscriptions to Teams.</td></tr></tbody></table>

### 2. Power BI service

<table><thead><tr><th width="196">Permission</th><th>Description</th><th>Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>Dataflow.Read.All</td><td>Read access to all Power BI dataflows.</td><td>Data Lineage</td><td>Create semantic model-based dropdown lists, fetch primary key column values when using key column mapping feature in writeback, refresh dataset function in semantic model-based dropdown lists and subscriptions.</td></tr><tr><td>Dataset.ReadWrite.All</td><td>Access to all Power BI datasets. Read and write datasets when required.</td><td>Subscription</td><td>Refresh the dataset when it is required.</td></tr><tr><td>Lakehouse.ReadWrite.All</td><td>Access to Lakehouse destination. Read and write datasets in Lakehouse.</td><td>Writeback</td><td>Access Lakehouse destination for writeback.</td></tr><tr><td>Warehouse.Read.All</td><td>Access to PowerBI data warehouses. Fetches the connection string for the given workspace and WarehouseID.</td><td>Adding OneLake as source in Infobridge</td><td>Get the connection string for the given workspace and warehouseID. The retrieved connection string is used to access the schema and tables present in the warehouse.</td></tr></tbody></table>

### &#x20;3. Azure Storage

<table><thead><tr><th width="198">Permission</th><th>Description</th><th>Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>user_impersonation</td><td>Access to Azure storage when you want to writeback to these destinations:<br>Dataverse, Databricks, ADLSGen2, and Fabric Lakehouse (on Azure storage).</td><td>Writeback</td><td>Access Azure Storage to support writeback to these specified destinations.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inforiver.com/inforiver-enterprise-on-prem/architecture-concepts/o365-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.