Role-based access controls
New role-based access controls in sapio365 allow you to edit access permissions for files, group, servers, and admin control in Office 365 at a granular level. With these changes, sapio365 users can manage their cloud environment quicker and more effectively than ever. Unlike rival alternatives, and Office 365 default controls, Ytria allows you unparalleled detail in your controls. It allows you to entirely customize the scope of your access rules, based on a vast array of parameters, including job title, organization, department, Group, and much more. For example, you can set access to a folder to apply only to users with ‘IT’ in their job title, or to actively exclude them. The possibilities for you to easily customize detailed rules for your organization are endless. Establish your own scopes for delegating role based access controls. For example, set access parameters for all users with ‘IT’ in their job title or department, or establish default permissions for your entire organization. Create your own laser-focused scopes based on a vast array of potential parameters. Edit permissions at multiple levels of detail, from your entire organization through teams, Groups, or individual user, including your own bespoke customized parameters. Control the number of licenses any one user can create or control, effectively capping unnecessary license creep. sapio365 keeps a detailed log of all role-based changes that are made, so can easily identify the nature of changes, when they were made, and by whom. All data processed by sapio365 is stored within your Azure tenant. This means its governed by the same compliance and security policies as the rest of your data. Role-based access controls in sapio365 complete the final piece of the Office 365 administration puzzle. It allows administrators to finely tailor the information each individual user has access within their organization. From here, they can balance the demands of maintaining security with the need to enable constant productivity. This maximizes the value that users get from both their Office365 and sapio365 investments.Granular access controls: New from sapio365
Detailed role-based access controls
Customized parameters
Granular control
Watertight costs
Comprehensive records
Secure data
Take control over your environment
Find out which type of session you should use
Are you a non-admin user or an admin? There are different session types for each. What you’ll be able to do in sapio365 depends on a combination of your user rights and the session type you use. If you are NOT an admin, start with a User session—it is usable right “out of the box.” For other sessions, admin consent is required. You can always request consent in the meantime. Users can access all their own data including: No admin consent needed Additional access (according to user rights): No admin consent needed Additional access (with full permissions assigned): Admin consent required This requires an app registration on the Azure v2 Active Directory Endpoint. All sapio365 app permissions are assigned by the creator of the app ID. (No admin consent needed) Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope. Your user rights apply to a User session. See your own contacts as well as contacts of users whose mailbox you have access to. See all information—including permissions—for all OneDrive files you can access. (Admin consent required) Actual user rights are respected—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope. Admin and Ultra Admin sessions both require the consent of a Global Administrator in order to function. If you give consent once, it will work across your entire tenant. See this page for the full process of providing admin consent for each of the session types. Only an administrator with the role of global administrator can provide consent for sapio365’s Admin sessions. Feel free to send a global administrator to this page: How to provide admin consent to sapio365. Your user rights apply to an Admin session. See your own contacts as well as contacts of users whose mailbox you have access to. See all information—including permissions—for all OneDrive files you can access. (Admin consent required) Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope. Admin and Ultra Admin sessions both require the consent of a Global Administrator in order to function. If you give consent once, it will work across your entire tenant. See this page for the full process of providing admin consent for each of the session types. Only an administrator with the role of global administrator can provide consent for sapio365’s Admin sessions. Feel free to send a global administrator to this page: How to provide admin consent to sapio365. If you have already registered an application ID, you’ll need to tell which application ID you need consent for. Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope. Authorized users are responsible for assigning their own permissions when creating an application. See your own contacts as well as contacts of users whose mailbox you have access to. See all information—including permissions—for all OneDrive files you can access.Which session type should I choose?
User session
Admin session
Ultra Admin session
User session
What can I access? How are my user rights handled?
What can I do in a User session?
According to your user rights, you can do the following:
Users
Mail
Contacts
OneDrive files and folders
Groups
Calendar events
SharePoint sites and lists
Admin session
What can I access? How are my user rights handled?
I'm an admin. How do I give consent to sapio365?
How can I get admin consent for sapio365?
What can I do in a Admin session?
According to your user rights, you can do the following:
Users
Mail
Contacts
OneDrive files and folders
Groups
Calendar events
SharePoint sites and lists
Ultra Admin session
What can I access? How are my user rights handled?
I'm an admin. How do I give consent to sapio365?
How can I get admin consent for sapio365?
What can I access? How are my user rights handled?
What can I access in a Ultra Admin session?
With the full set of Ytria-recommended permissions, you can do the following:
Users
Mail
Contacts
OneDrive files and folders
Groups
Calendar events
SharePoint sites and lists