The app requires access to additional resources outside of SharePoint to enable its advanced features. A Global Administrator has to grant access to ensure the app functionality is not limited.
Some permissions are granted directly through the app components and some are granted through SharePoint Admin page.
SharePoint Admin API management
Here you grant two permissions:
- Access to Azure AD - allows modern forms to query AD group membership to allow you to use rules in the form that are specific to users in certain AD groups.
- Access to Exchange Calendars - required by Calendar web part to be able to read Exchange Calendars. You do not need to grant this permission if you are not planning to display users' Exchange calendars in the web part.
To grant the permissions, you need to do the following
- Click on the waffle menu in the top left corner, then click on the Admin app
- Under Admin centers in the left menu, click on SharePoint
- On the left menu click on API access under Advanced
Here you should be able to see the pending approval request for special permissions:
- Microsoft Graph / Directory.Read.All - required for Modern forms, allowing them to check Azure AD group membership of the current user when applying various form rules.
- Microsoft Graph / Calendars.ReadWrite.Shared - access to Exchange calendars (only needed when Calendar web part is used to connect to Exchange calendars)
Various components of Ultimate Forms require additional permissions, depending on the features you use. In most cases, the permission is requested when a certain feature is used for the first time (for example, when setting up Import form Exchange Online, it will request access to Exchange mailboxes).
All permissions are granted at the tenant level and only need to be granted once. You can examine and, if needed, revoke the grants under Enterprise Applications on your Azure AD Admin page
IMPORTANT: Alerts need to be granted two permissions upon initial installation to ensure alerts can be delivered via Exchange Online and Azure AD group membership can be queried for the purposes of security trimming of recipients.
- Enter Ultimate Forms as a Global Administrator and Site Collection administrator.
- Click on Alerts
- Switch to Administration tab
- Test and grant both Exchange and Azure AD permissions
9/9/2021 10:13 PM