# O365 Permissions

Inforiver must obtain a set of permissions through the Azure AD App to function properly. The following are the required and optional permissions requested, with details on how and which feature will use them.

## Required permissions

### 1. Microsoft Graph

<table><thead><tr><th width="200">Permission</th><th>Description</th><th>Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>profile</td><td>Retrieves user profile information.</td><td>User</td><td>Get profile information with Full Name, Display Name, Email, Company Name.</td></tr><tr><td>email</td><td>Access to user email addresses.</td><td>User</td><td>Access user profile Information, Authentication.</td></tr><tr><td>openid</td><td>Enables OpenID Connect authentication.</td><td>Authentication</td><td>Authenticate your user.</td></tr><tr><td>User.Read</td><td>Signs in and reads user profile</td><td>User</td><td>Sign in and read user profile.</td></tr><tr><td>User.ReadBasic.All</td><td>Reads all users' basic profile information.</td><td>User</td><td>Get all users' profile information with Full Name, Display Name, Email, Company Name.</td></tr><tr><td>Group.Read.All</td><td>Reads all groups' information. Requires admin consent.</td><td>User, Groups and ACL</td><td>Authenticate from O365 Group and authorize user for different actions via Groups.</td></tr><tr><td>GroupMember.Read.All</td><td>Reads Group Membership Details. Requires admin consent.</td><td>Groups</td><td>Disintegrate groups into its members to get the list of members from the group.</td></tr></tbody></table>

### 2. Power BI service

<table data-full-width="false"><thead><tr><th width="199">Permission</th><th>Description</th><th width="187">Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>Dataset.Read.All</td><td>Read access to all Power BI datasets.</td><td>Data Lineage and Subscription</td><td>Create semantic model-based dropdown lists, fetch primary key column values when using key column mapping feature in writeback, refresh dataset function in semantic model-based dropdown lists and subscriptions.</td></tr><tr><td>Report.Read.All</td><td>Read access to all Power BI Reports.</td><td>Data Lineage and Subscription</td><td>Get more information about the report in which the Inforiver visual is used.</td></tr><tr><td>Workspace.Read.All</td><td>Read access to all Power BI workspaces.</td><td>Data Lineage and Subscription</td><td>Get more information about the workspace in which the Inforiver visual is used.</td></tr><tr><td>App.Read.All</td><td>View all Power BI apps the user has access to.</td><td>Subscription</td><td>Access Power BI apps that may contain reports or dashboards to schedule them for subscription.</td></tr><tr><td>Dashboard.Read.All</td><td>View all dashboards in the organization.</td><td>Subscription</td><td>Access dashboard reports that can be scheduled for subscription.</td></tr></tbody></table>

## Optional permissions

### 1. Microsoft Graph

<table><thead><tr><th width="197">Permission</th><th>Description</th><th width="178">Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>Files.ReadWrite.All</td><td>Access to all files the user can access in OneDrive.</td><td>Writeback and Subscription</td><td>Writeback and export the report from Subscription to OneDrive folder.</td></tr><tr><td>Sites.ReadWrite.All</td><td>Access to SharePoint sites. Edit or delete items in all site collections.</td><td>Writeback and Subscription</td><td>Writeback and export the report from Subscription to SharePoint folder.</td></tr><tr><td>Channel.ReadBasic.All</td><td>Reads the names and descriptions of Teams channels the user has access to.</td><td>Subscription</td><td>To track available Teams channels while scheduling subscriptions.</td></tr><tr><td>Teams.ReadBasic.All</td><td>Read basic information about all Microsoft Teams in an organization.</td><td>Subscription</td><td>To track available Teams while scheduling subscriptions to Teams.</td></tr></tbody></table>

### 2. Power BI service

<table><thead><tr><th width="196">Permission</th><th>Description</th><th>Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>Dataflow.Read.All</td><td>Read access to all Power BI dataflows.</td><td>Data Lineage</td><td>Create semantic model-based dropdown lists, fetch primary key column values when using key column mapping feature in writeback, refresh dataset function in semantic model-based dropdown lists and subscriptions.</td></tr><tr><td>Dataset.ReadWrite.All</td><td>Access to all Power BI datasets. Read and write datasets when required.</td><td>Subscription</td><td>Refresh the dataset when it is required.</td></tr><tr><td>Lakehouse.ReadWrite.All</td><td>Access to Lakehouse destination. Read and write datasets in Lakehouse.</td><td>Writeback</td><td>Access Lakehouse destination for writeback.</td></tr><tr><td>Warehouse.Read.All</td><td>Access to PowerBI data warehouses. Fetches the connection string for the given workspace and WarehouseID.</td><td>Adding OneLake as source in Infobridge</td><td>Get the connection string for the given workspace and warehouseID. The retrieved connection string is used to access the schema and tables present in the warehouse.</td></tr></tbody></table>

### &#x20;3. Azure Storage

<table><thead><tr><th width="198">Permission</th><th>Description</th><th>Features Dependent</th><th>Actions done from App</th></tr></thead><tbody><tr><td>user_impersonation</td><td>Access to Azure storage when you want to writeback to these destinations:<br>Dataverse, Databricks, ADLSGen2, and Fabric Lakehouse (on Azure storage).</td><td>Writeback</td><td>Access Azure Storage to support writeback to these specified destinations.</td></tr></tbody></table>