In MyDesk there are many different functions that require different rights to function, as reflected in the Graph API permissions. MyDesk does not have access to information in your platform.
- User.Read.All
Basic (User.ReadBasic.All) only gives access to view the following information:
displayName
givenName
mail
photo
surname
userPrincipalName
Read all (User.Read.All) gives access (in the user’s context) to read more information, such as Manager.
It is used when you want to see information about your colleagues and when you want to make bookings on behalf of your employees and to be able to book for colleagues. If you don’t want to give this right, it can be removed, but then there will be functionality that doesn’t work and can’t be used as intended.
- Calendars.ReadWrite
This is necessary for the user to actually send an invitation through MyDesk and add it to their own calendar. We use the Graph API provided by Microsoft, and it requires write access to be able to add something to your calendar. In addition, the same privilege is used to create desk bookings in Outlook. This applies both when the user is in the office and when they are working at home (out of office).
The above permissions are used in MyDesk for the following:
Find colleagues
One of the features is to be able to search for colleagues to see where they are sitting on specific days and at the same time see their profile picture and master information. In addition, with the same feature, you can build your own teams so you have easy access to see where all your closest colleagues are. In order to see colleagues’ picture, master information and presence, you need: Presence.Read.All, User.ReadBasic.All, User.Read.
Presence.Read.All contains 2 pieces of information from user profiles.
{ "id": "66825e03-7ef5-42da-9069-724602c31f6b", "availability": "DoNotDisturb", "activity": "Presenting" }
Book on behalf of others
In MyDesk you can enable features such as book for colleagues and manager booking. Book for colleagues means that you can book on behalf of colleagues who are affiliated with the same department. This feature requires: User.Read.All, User.Read, User.ReadBasic.All.
Manager booking allows you to make bookings for all those who refer to you as a manager in AD. This function requires: User.Read.All, User.Read, User.ReadBasic.All.
Book on behalf of others applies to desk booking only.
MyDesk access groups
In MyDesk, you can configure which people can book in different areas based on AD security groups. These groups can be assigned to both areas and locations in MyDesk. In addition, security groups are also used to give access to different areas in MyDesk – for example, who are administrators, who has access to reporting, etc. To avoid tying it to people, we use AD groups. This requires: Group.Read.All, GroupMember.Read.All.
This access can be removed after registration if you do not want this. The other rights mentioned in Find colleagues and Book on behalf of others cannot be removed immediately.
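To review a consent grant against the feature list above, the following added example (not MyDesk or Microsoft code) reads the `scp` claim of a delegated access token and reports which enabled features lack a permission and which granted permissions no enabled feature needs. The "Calendar booking" label, the function names and the unsigned sample token are assumptions constructed for this example.

```python
import base64
import json

# Feature -> delegated Graph permissions, as listed on this page.
# "Calendar booking" is a label chosen for this example (assumption).
FEATURES = {
    "Find colleagues": {"Presence.Read.All", "User.ReadBasic.All", "User.Read"},
    "Book on behalf of others": {"User.Read.All", "User.Read", "User.ReadBasic.All"},
    "MyDesk access groups": {"Group.Read.All", "GroupMember.Read.All"},
    "Calendar booking": {"Calendars.ReadWrite"},
}


def scopes_from_token(jwt: str) -> set:
    """Read the space-separated `scp` claim. Inspection only: no signature check."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())


def audit(granted: set, enabled: list) -> dict:
    """Compare granted scopes with what the enabled features need."""
    # The page spells some names with different casing, so compare in lowercase.
    fold = lambda names: {n.lower(): n for n in names}
    have = fold(granted)
    needed, missing = {}, {}
    for feature in enabled:
        req = fold(FEATURES[feature])
        needed.update(req)
        gap = sorted(req[k] for k in req.keys() - have.keys())
        if gap:
            missing[feature] = gap
    excess = sorted(have[k] for k in have.keys() - needed.keys())
    return {"missing": missing, "excess": excess}


def make_token(scp: str) -> str:
    """Build an unsigned, constructed sample token for the demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'scp': scp})}."


SAMPLE = make_token("User.Read User.ReadBasic.All Presence.Read.All "
                    "Group.Read.All Calendars.ReadWrite")

if __name__ == "__main__":
    print(audit(scopes_from_token(SAMPLE), ["Find colleagues", "MyDesk access groups"]))
```

Entries under `excess` are candidates for removal from the grant; entries under `missing` explain why an enabled feature will not work as intended.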