0

Is there way to customize the Microsoft App permission? The add-in we have built needs read-only access, however, Microsoft permission says our add-in can see and update data anytime. We don't need update access.

We have a windows add-in that subscribes to all calendar events through Graph API. However, our customers have strongly came back on the "Access Data Anytime" permission.

We have now changed our Calendar Permission from "Calendars.ReadWrite" to "Calendars.Read.Shared", however, we still see "Access Data Anytime" which is fine, however, the description is wrong about the update access, we need only to display read access.

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
Shubh
  • 39
  • 1
  • 9

1 Answers1

0

"Access Data Anytime" simply means you've requested the offline_access scope so your app receives a Refresh Token. Scopes are not interconnected so it has no way of knowing what other scopes you requested or what data access they may or may not grant.

There is no way to update/customize the description the user sees. Supporting this would expose users to malicious manipulation (i.e. request Users.ReadWrite.All and change the description to 'Only read your username').

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
  • Thank you. This means although we are just accessing the calendar data as read-only, user would still see the same verbiage that the add-in updates the data in calendar. I believe the scope should be interconnected. – Shubh Jun 22 '18 at 09:05