Which session type should I choose?

Are you a non-admin user or an admin? There are different session types for each.

What you’ll be able to do in sapio365 depends on a combination of your user rights and the session type you use.

If you are NOT an admin, start with a User session—it is usable right “out of the box.” For other sessions, admin consent is required. You can always request consent in the meantime.

User session

Users can access all their own data including:

  • Messages
  • Contacts
  • Drive items and their permissions
  • Group listings, group owners, and memberships
  • Calendar events for accessible mailboxes
  • Site and site list information

No admin consent needed

Admin session

Additional access (according to user rights):

  • All users' directory properties/info
  • Memberships of hidden groups
  • Group conversations and extended group information
  • All calendar events for public groups and private groups you have access to
  • All drive items you have access to through groups, sites, or user sharing

No admin consent needed

Ultra Admin session

Additional access (with full permissions assigned):

  • Complete account info for all users
  • All mail for all users, including attachments
  • All mailbox settings for all mailboxes
  • All drive items for all groups, users, and sites
  • All calendar information for all users and groups
  • All SharePoint site information, including lists and list items
  • All contacts for all users

Admin consent required

This requires an app registration on the Azure v2 Active Directory Endpoint.

All sapio365 app permissions are assigned by the creator of the app ID.

User session

(No admin consent needed)

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

What can I do in a User session?

Your user rights apply to a User session.

According to your user rights, you can do the following:

Users
  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Drive item, Messages, Contacts, Calendar entries
  • For your own account and those users whose mailboxes you have access to.
Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups
  • View all groups in your tenant, including their property information (minus Teams-related properties).
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Remove and add memberships and owners for all groups you are 'Owner' of.
Calendar events
  • View all calendar events
  • Preview calendar event body
  • See attachment information.
SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.

Admin session

(Admin consent required)

What can I access? How are my user rights handled?

Actual user rights are respected—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

I'm an admin. How do I give consent to sapio365?

Admin and Ultra Admin sessions both require the consent of a Global Administrator in order to function. If you give consent once, it will work across your entire tenant. See this page for the full process of providing admin consent for each of the session types.

How can I get admin consent for sapio365?

Only an administrator with the role of global administrator can provide consent for sapio365’s Admin sessions. Feel free to send a global administrator to this page: How to provide admin consent to sapio365.

What can I do in a Admin session?

Your user rights apply to an Admin session.

According to your user rights, you can do the following:

Users
  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Extended user information, Drive item, Messages, Contacts, Calendar entries for your own account and those users whose mailboxes you have access to.
Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • See all mailbox setting information.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups
  • View all groups in your tenant, including their property information.
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Remove and add memberships and owners for all groups you are 'Owner' of.
  • Manage delivery restrictions on groups that you have access to.
Calendar events
  • View all calendar events—even for Office 365 groups you're a member of.
  • Preview calendar event body
  • See attachment information.
SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.

Ultra Admin session

(Admin consent required)

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

I'm an admin. How do I give consent to sapio365?

Admin and Ultra Admin sessions both require the consent of a Global Administrator in order to function. If you give consent once, it will work across your entire tenant. See this page for the full process of providing admin consent for each of the session types.

How can I get admin consent for sapio365?

Only an administrator with the role of global administrator can provide consent for sapio365’s Admin sessions. Feel free to send a global administrator to this page: How to provide admin consent to sapio365. If you have already registered an application ID, you’ll need to tell which application ID you need consent for.

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

What can I access in a Ultra Admin session?

Authorized users are responsible for assigning their own permissions when creating an application.

With the full set of Ytria-recommended permissions, you can do the following:

Users
  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Drive item, Messages, Contacts, Calendar entries
  • For your own account and those users whose mailboxes you have access to.
Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups
  • View all groups in your tenant, including their property information.
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Add or remove owners for any group in your tenant, even multiple groups and owners at once.
  • Manage delivery restrictions on any group in your tenant, even multiple groups at once.
Calendar events
For your own mailbox and other mailboxes you have access to:

  • View all calendar events
  • Preview calendar event body
  • See attachment information.
SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.