• Release History
  • Documentation
  • Back to www.mscrm-addons.com
  • Release History
  • Documentation
  • Back to www.mscrm-addons.com
home/Knowledge Base/DocumentsCorePack(DCP)/Online Services: Required Application Permissions

Online Services: Required Application Permissions

3289 views 5 Updated on July 25, 2022

This article outlines the permissions required when setting up a DocumentsCorePack or AttachmentExtractor service via DocumentsCorePack Service Configuration or AttachmentExtractor Service configuration

During the service setup you will be asked to grant the following permissions to our application:


Figure 1: Permission requested during service setup

“Consent on behalf of your organization”

This grants the consent for all users and further connections are enabled to use this connection without having to consent on their own.

I do not have an administrator account available

If you are not having access to an administrator account, please have an administrator launch this link and register the application.

https://login.microsoftonline.com/common/oauth2/authorize?resource=https:%2F%2Fdisco.crm.dynamics.com%2F&client_id=cf64f130-739b-4003-9b1f-9d8f3818c4bb&response_type=code&haschrome=1&redirect_uri=http:%2F%2Fwww.mscrm-addons.com&client-request-id=75254dac-02af-4909-b32f-9d76dc98a32e&prompt=login&x-client-SKU=.NET&x-client-Ver=5.0.0.0&x-client-CPU=x64&x-client-OS=Microsoft+Windows+NT+6.2.9200.0

Common Data Service:

  • Access to common data service

Required to access your Dynamics 365 data read data for document generation as well as write data back to Dynamics 365.

SharePoint:

  • Read and Write your files &
  • Read and write items in all site collections &
  • Read and write items and lists in all site collections

Required to fully use the Dynamics SharePoint integration.
When DocumentsCorePack is linked with Dynamics SharePoint Integration, DocumentsCorePack will create lists, folders & files in the
corresponding SharePoint locations.

  • Sign in and read user profile

This is required to log in as the user in Dynamics 365 and also for some of our licensing options.

 

Why is this needed and what`s the impact?

What is an Application registration?

The application registration defines the privileges the user used during the login is granting our application in his name.

 

While being called an “Application”, it’s not having any components and does not interact with anything outside of your AzureActiver Directory.

You can find details about your registered applications within the “Enterprise Application” section in your AzureActiveDirectory.

 

Why do I need to consent?

consent is required to grant the requested permissions to our application.
The “consent in the name of the organization” option bypasses the need for other further users using our products to individually consent again (i.e. Consent only has to be granted by one user)

Does this breach my security?

Server2Server authentication is not allowing any access without an interactive user login. There is no access granted to any party outside your AzureAD.

Im not using Sharepoint at all. Do i still have to consent?

You need to consent during the installation, but you are free to modify the privileges after the application has been registered.
As we do not know, which sites on Sharepoint are planned to be used, we can only request access to all of them.

Note: Azure active directory already offers template scripts to change those privileges. Please not, that you must confirm the grant again after modifiying the privileges.


In addition, AzureAD has recently added options to manage rights for specific sites via PowerShell.

How can I prevent, that all users have to consent to the application individually?

If you didnt consent during the installation of the application, you can always do so from within AzureActiveDirectory.

Click on the “Grant admin consent to [Your tenant name]” button to grant consent for all users and prevent the requirement for users to individually have to consent to the application.

Helpful ressources:

App-Registration documentation from Microsoft:

  • Application object
  • How and why applications are added to Azure AD

Server2Server/OAuth/ModernAuthentication documentation from Microsoft:

  • OAuth 2.0 and OpenID Connect protocols on the Microsoft identity platform
  • Microsoft identity platform and OAuth 2.0 authorization code flow

That’s it! We appreciate your feedback! Please share your thoughts by sending an email to support@mscrm-addons.com

Was this helpful?

5 Yes  1 No
Related Articles
  • Office Theme Support of DocumentsCorePack
  • AssureSign for DocumentsCorePack
  • Dynamic Document Properties
  • How to conditionally remove a watermark in DocumentsCorePack templates
  • Document Processing with DocumentsCorePack (DCP)
  • Switch environments in the DocumentsCorePack Template Designer
Latest Articles
  • New DocumentsCorePack Connector features for Power Automate
  • Office Theme Support of DocumentsCorePack
  • AssureSign for DocumentsCorePack
  • Dynamic Document Properties
  • How to conditionally remove a watermark in DocumentsCorePack templates
Popular Articles
  • Where do I find the Unique Organization name in Microsoft Dynamics 365?
  • DocumentsCorePack Online Service Configuration
  • mscrm-addons.com Application Access for Dynamics 365 (App Access) – DocumentsCorePack
  • DocumentsCorePack Template Designer – Getting Started
  • Step-by-Step: How to configure a One-Click-Action
Top Rated Articles
  • IMPORTANT information for Dynamics 365 online customers using DocumentsCorePack and/or AttachmentExtractor
  • How to activate the DocumentsCorePack connector for PowerApps & Microsoft Flow
  • Step-by-Step: How to configure a One-Click-Action
  • Online Services: Required Application Permissions
  • How licenses are counted
Categories
  • *News and General Infos* 51
  • Webinars 35
  • Template Designer(DCP 173
  • DocumentsCorePack(DCP 191
  • TelephoneIntegration (TI 65
  • AttachmentExtractor (AE 62
  • PowerSearch (PS 48
  • ActivityTools (AT 59
  • SmartBar (SB 53
  • GroupCalendar (GC 46
Our Vision

“We see it as our purpose to provide products that simplify and speed up our customers’ Microsoft Dynamics 365 experience.”

Knowledgebase
LogIn
mscrm-addons.com
  • Products
  • Online Shop
  • Downloads
  • My Account
About Us
  • About Us
  • Case Studies
  • Newsletter
  • Partner Program
  • Contact
Support
  • Support
  • Terms & Conditions
  • Documentation
  • Webinars
  • Legal Documents
  • Impressum
  • © 2022 www.mscrm-addons.com. All Rights Reserved.