Table of Contents

Delegated permissions

The permissions below are known as delegated permissions:

Image shows delegated permissions

Delegated permissions are the subset of both the current user permissions and the application permissions.

Image shows delegated permission venn diagram

Granting delegated permissions:

  • Does not grant the application any permission by itself, a user must always be present.
  • Does not grant the user permission to do anything they couldn't already do without the app.
  • Is a filter that controls what the application can do on the user's behalf.
  • Doesn't change the security posture of the Microsoft 365 tenant other than to trust Altus software to work on behalf of the users to perform actions they could already do manually.

More information about delegated permissions.