• Documentation
  • Back to www.mscrm-addons.com
  • Documentation
  • Back to www.mscrm-addons.com
home/Knowledge Base/DocumentsCorePack(DCP)/Online Services: Required Application Permissions

Online Services: Required Application Permissions

2545 views 3 Updated on November 17, 2021

This article outlines the permissions required when setting up a DocumentsCorePack or AttachmentExtractor service via DocumentsCorePack Service Configuration or AttachmentExtractor Service configuration

During the service setup you will be asked to grant the following permissions to our application:


Figure 1: Permission requested during service setup

“Consent on behalf of your organization”

This grants the consent for all users and further connections are enabled to use this connection without having to consent on their own.

I do not have an administrator account available

If you are not having access to an administrator account, please have an administrator launch this link and register the application.

https://login.microsoftonline.com/common/oauth2/authorize?resource=https:%2F%2Fdisco.crm.dynamics.com%2F&client_id=cf64f130-739b-4003-9b1f-9d8f3818c4bb&response_type=code&haschrome=1&redirect_uri=http:%2F%2Fwww.mscrm-addons.com&client-request-id=75254dac-02af-4909-b32f-9d76dc98a32e&prompt=login&x-client-SKU=.NET&x-client-Ver=5.0.0.0&x-client-CPU=x64&x-client-OS=Microsoft+Windows+NT+6.2.9200.0

Common Data Service:

  • Access to common data service

Required to access your Dynamics 365 data read data for document generation as well as write data back to Dynamics 365.

SharePoint:

  • Read and Write your files &
  • Read and write items in all site collections &
  • Read and write items and lists in all site collections

Required to fully use the Dynamics SharePoint integration.
When DocumentsCorePack is linked with Dynamics SharePoint Integration, DocumentsCorePack will create lists, folders & files in the
corresponding SharePoint locations.

  • Sign in and read user profile

This is required to log in as the user in Dynamics 365 and also for some of our licensing options.

 

Why is this needed and what`s the impact?

What is an Application registration?

The application registration defines the privileges the user used during the login is granting our application in his name.

 

While being called an “Application”, it’s not having any components and does not interact with anything outside of your AzureActiver Directory.

You can find details about your registered applications within the “Enterprise Application” section in your AzureActiveDirectory.

 

Why do I need to consent?

consent is required to grant the requested permissions to our application.
The “consent in the name of the organization” option bypasses the need for other further users using our products to individually consent again (i.e. Consent only has to be granted by one user)

Does this breach my security?

Server2Server authentication is not allowing any access without an interactive user login. There is no access granted to any party outside your AzureAD.

Im not using Sharepoint at all. Do i still have to consent?

You need to consent during the installation, but you are free to modify the privileges after the application has been registered.
As we do not know, which sites on Sharepoint are planned to be used, we can only request access to all of them.

Note: Azure active directory already offers template scripts to change those privileges. Please not, that you must confirm the grant again after modifiying the privileges.


In addition, AzureAD has recently added options to manage rights for specific sites via PowerShell.

How can I prevent, that all users have to consent to the application individually?

If you didnt consent during the installation of the application, you can always do so from within AzureActiveDirectory.

Click on the “Grant admin consent to [Your tenant name]” button to grant consent for all users and prevent the requirement for users to individually have to consent to the application.

Helpful ressources:

App-Registration documentation from Microsoft:

  • Application object
  • How and why applications are added to Azure AD

Server2Server/OAuth/ModernAuthentication documentation from Microsoft:

  • OAuth 2.0 and OpenID Connect protocols on the Microsoft identity platform
  • Microsoft identity platform and OAuth 2.0 authorization code flow

That’s it! We appreciate your feedback! Please share your thoughts by sending an email to support@mscrm-addons.com

Was this helpful?

3 Yes  No
Related Articles
  • How to solve the issue with DocumentsCorePack fields in Arabic text
  • How to access mscrm-addons product settings in Dynamics 365
  • One-Click-Actions (OCAs) in DocumentsCorePack
  • Service Configuration options
  • Multipart documents in DocumentsCorePack
  • How to create totals in the footer of a table
Latest Articles
  • How to display various activity-attributes within multiple rows in Gantt view
  • Recap: European Power Platform Conference 2022
  • How to solve the issue with DocumentsCorePack fields in Arabic text
  • How to access mscrm-addons product settings in Dynamics 365
  • One-Click-Actions (OCAs) in DocumentsCorePack
Popular Articles
  • DocumentsCorePack Online Service Configuration
  • Where do I find the Unique Organization name in Microsoft Dynamics 365?
  • mscrm-addons.com Application Access for Dynamics 365 (App Access) – DocumentsCorePack
  • How to activate the DocumentsCorePack connector for PowerApps & Microsoft Flow
  • How licenses are counted
Top Rated Articles
  • IMPORTANT information for Dynamics 365 online customers using DocumentsCorePack and/or AttachmentExtractor
  • How to activate the DocumentsCorePack connector for PowerApps & Microsoft Flow
  • Step-by-Step: How to configure a One-Click-Action
  • Can you save data capacity by moving email content?
  • How to shorten an alias (Alias is longer than 128 characters)
Categories
  • *News and General Infos* 50
  • Template Designer(DCP 160
  • DocumentsCorePack(DCP 180
  • TelephoneIntegration (TI 64
  • AttachmentExtractor (AE 55
  • PowerSearch (PS 43
  • ActivityTools (AT 57
  • SmartBar (SB 51
  • GroupCalendar (GC 45
Our Vision

“We see it as our purpose to provide products that simplify and speed up our customers’ Microsoft Dynamics 365 experience.”

Knowledgebase
LogIn
mscrm-addons.com
  • Products
  • Online Shop
  • Downloads
  • My Account
About Us
  • About Us
  • Case Studies
  • Newsletter
  • Partner Program
  • Contact
Support
  • Support
  • Terms & Conditions
  • Documentation
  • Webinars
  • Legal Documents
  • Impressum
  • © 2022 www.mscrm-addons.com. All Rights Reserved.