Delegated permissions
The permissions below are known as delegated permissions:
Delegated permissions are the subset of both the current user permissions and the application permissions.
Granting delegated permissions:
- Does not grant the application any permission by itself, a user must always be present.
- Does not grant the user permission to do anything they couldn't already do without the app.
- Is a filter that controls what the application can do on the user's behalf.
- Doesn't change the security posture of the Microsoft 365 tenant other than to trust Altus software to work on behalf of the users to perform actions they could already do manually.