This guide will help you understand the permissions required and pros and cons of application and delegate access.
Overview
The main fundamental difference between application access and delegate access is that when you book with delegate access, the organiser is the resource. So in effect, the resource books itself.
This means that the resource invites you as an attendee to your own booking and you are unable to edit or cancel your own booking.
Comparison
Functionality
Application
Delegate
Book using your account
✅
❌
Edit your own booking
✅
❌
Cancel your own booking
✅
❌
Find a teammate
✅
❌
Book on behalf of
✅
❌
Check in
✅
❌
Application permissions
Application access is UMA's preferred method of interacting with Microsoft Graph API as the level of access provides a more feature rich solution for end users.
Requests will be carried out by individual user accounts.
UMA's enterprise application supports limiting access to users and resources should you need to.
The permissions needed for application access are as follows:
Calendars.Read
Read calendars in all mailboxes
We need this permission to read the free/busy information of all calendars in Microsoft.
This is required to help with viewing, editing and booking resources, along with understanding when and where users are based on their bookings.
Calendars.ReadWrite
Read and write calendars in all mailboxes
We need this permission to write to your users and resource calendars.
This is required when booking or editing a booking through UMA.
Group.Read.All
Read all groups
We need this permission to read your Microsoft 365 groups for user sync.
GroupMember.Read.All
Read all group memberships
We need this permission to read the members of your Microsoft 365 groups for user sync.
Place.Read.All
Read all company places
Allows UMA to read your company's places (conference rooms and room lists) for calendar events and other applications, on behalf of the signed-in user.
User.Read.All
Read all users full profiles
Allows UMA to read the full set of profile properties, reports, and managers of other users in your organisation, on behalf of the signed-in user.
Delegate permissions
Delegate access should only be used for specific use cases where user based features are not required.
Requests can only be performed using a delegate account.
The permissions needed for delegate access are as follows:
Calendars.Read
Read calendars in all mailboxes
We need this permission to read the free/busy information of all calendars in Microsoft.
This is required to help with viewing, editing and booking resources with a delegate account.
Calendars.ReadWrite
Read and write calendars in all mailboxes
We need this permission to write to resource calendars using a delegate account.
Group.Read.All
We need this permission to read your Microsoft 365 groups for user sync.
GroupMember.Read.All
Read all group memberships
We need this permission to read the members of your Microsoft 365 groups for user sync.
Places.Read.All
Read all company places
Allows UMA to read your company's places (conference rooms and room lists) for calendar events and other applications, on behalf of the signed-in user.
User.Read.All
Read all users full profiles
Allows UMA to read the full set of profile properties, reports, and managers of other users in your organisation, on behalf of the delegated user.
