Role-based access controls

Granular access controls: New from sapio365

New role-based access controls in sapio365 allow you to edit access permissions for files, group, servers, and admin control in Office 365 at a granular level. With these changes, sapio365 users can manage their cloud environment quicker and more effectively than ever.

Detailed role-based access controls

Unlike rival alternatives, and Office 365 default controls, Ytria allows you unparalleled detail in your controls. It allows you to entirely customize the scope of your access rules, based on a vast array of parameters, including job title, organization, department, Group, and much more.

For example, you can set access to a folder to apply only to users with ‘IT’ in their job title, or to actively exclude them. The possibilities for you to easily customize detailed rules for your organization are endless.

Customized parameters

Establish your own scopes for delegating role based access controls. For example, set access parameters for all users with ‘IT’ in their job title or department, or establish default permissions for your entire organization. Create your own laser-focused scopes based on a vast array of potential parameters.

Granular control

Edit permissions at multiple levels of detail, from your entire organization through teams, Groups, or individual user, including your own bespoke customized parameters.

Watertight costs

Control the number of licenses any one user can create or control, effectively capping unnecessary license creep.

Comprehensive records

sapio365 keeps a detailed log of all role-based changes that are made, so can easily identify the nature of changes, when they were made, and by whom.

Secure data

All data processed by sapio365 is stored within your Azure tenant. This means its governed by the same compliance and security policies as the rest of your data.

Take control over your environment

Role-based access controls in sapio365 complete the final piece of the Office 365 administration puzzle. It allows administrators to finely tailor the information each individual user has access within their organization. From here, they can balance the demands of maintaining security with the need to enable constant productivity.

This maximizes the value that users get from both their Office365 and sapio365 investments.

Try sapio365 today:

Free for 7 days

No credit card required. Install it locally.
Download. Install. Register. Work.
It’s that easy.


Find out which type of session you should use

Which session type should I choose?

Are you a non-admin user or an admin? There are different session types for each.

What you’ll be able to do in sapio365 depends on a combination of your user rights and the session type you use.

If you are NOT an admin, start with a User session—it is usable right “out of the box.” For other sessions, admin consent is required. You can always request consent in the meantime.

User session

Users can access all their own data including:

  • Messages
  • Contacts
  • Drive items and their permissions
  • Group listings, group owners, and memberships
  • Calendar events for accessible mailboxes
  • Site and site list information

No admin consent needed

Admin session

Additional access (according to user rights):

  • All users' directory properties/info
  • Memberships of hidden groups
  • Group conversations and extended group information
  • All calendar events for public groups and private groups you have access to
  • All drive items you have access to through groups, sites, or user sharing

No admin consent needed

Ultra Admin session

Additional access (with full permissions assigned):

  • Complete account info for all users
  • All mail for all users, including attachments
  • All mailbox settings for all mailboxes
  • All drive items for all groups, users, and sites
  • All calendar information for all users and groups
  • All SharePoint site information, including lists and list items
  • All contacts for all users

Admin consent required

This requires an app registration on the Azure v2 Active Directory Endpoint.

All sapio365 app permissions are assigned by the creator of the app ID.

User session

(No admin consent needed)

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

What can I do in a User session?

Your user rights apply to a User session.

According to your user rights, you can do the following:

Users

  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Drive item, Messages, Contacts, Calendar entries
  • For your own account and those users whose mailboxes you have access to.

Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.

Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups

  • View all groups in your tenant, including their property information (minus Teams-related properties).
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Remove and add memberships and owners for all groups you are 'Owner' of.

Calendar events

  • View all calendar events
  • Preview calendar event body
  • See attachment information.

SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.

Admin session

(Admin consent required)

What can I access? How are my user rights handled?

Actual user rights are respected—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

I'm an admin. How do I give consent to sapio365?

Admin and Ultra Admin sessions both require the consent of a Global Administrator in order to function. If you give consent once, it will work across your entire tenant. See this page for the full process of providing admin consent for each of the session types.

How can I get admin consent for sapio365?

Only an administrator with the role of global administrator can provide consent for sapio365’s Admin sessions. Feel free to send a global administrator to this page: How to provide admin consent to sapio365.

What can I do in a Admin session?

Your user rights apply to an Admin session.

According to your user rights, you can do the following:

Users

  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Extended user information, Drive item, Messages, Contacts, Calendar entries for your own account and those users whose mailboxes you have access to.

Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • See all mailbox setting information.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.

Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups

  • View all groups in your tenant, including their property information.
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Remove and add memberships and owners for all groups you are 'Owner' of.
  • Manage delivery restrictions on groups that you have access to.

Calendar events

  • View all calendar events—even for Office 365 groups you're a member of.
  • Preview calendar event body
  • See attachment information.

SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.

Ultra Admin session

(Admin consent required)

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

I'm an admin. How do I give consent to sapio365?

Admin and Ultra Admin sessions both require the consent of a Global Administrator in order to function. If you give consent once, it will work across your entire tenant. See this page for the full process of providing admin consent for each of the session types.

How can I get admin consent for sapio365?

Only an administrator with the role of global administrator can provide consent for sapio365’s Admin sessions. Feel free to send a global administrator to this page: How to provide admin consent to sapio365. If you have already registered an application ID, you’ll need to tell which application ID you need consent for.

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

What can I access in a Ultra Admin session?

Authorized users are responsible for assigning their own permissions when creating an application.

With the full set of Ytria-recommended permissions, you can do the following:

Users

  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Drive item, Messages, Contacts, Calendar entries
  • For your own account and those users whose mailboxes you have access to.

Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.

Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups

  • View all groups in your tenant, including their property information.
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Add or remove owners for any group in your tenant, even multiple groups and owners at once.
  • Manage delivery restrictions on any group in your tenant, even multiple groups at once.

Calendar events
For your own mailbox and other mailboxes you have access to:

  • View all calendar events
  • Preview calendar event body
  • See attachment information.

SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.

Try sapio365 today:

Free for 7 days

No credit card required. Install it locally.
Download. Install. Register. Work.
It’s that easy.