Hi,
Is there a way that the permissions Dataminer needs to integrate with teams can be lowered?
As it stands at the moment our IT team will not allow Dataminer to have such high levels of admin as detailed here:
All we want to do is have the ability to post alarms to specific channels, so I was wondering if there was a way to tailor the permissions to only give that ability? If not, is this something Skyline will look at in the future or is this the only option?
Thanks, Carl
Hi,
The docs regarding this can be found here: Granting admin consent for Teams Chat Integration | DataMiner Docs.
Currently using the Admin App you can only confirm all permissions at once. It is possible to revoke certain (or all permissions) in Azure at any time afterwards if those are not needed (anymore). For this you can refer to the Microsoft Docs Review permissions granted to enterprise applications - Microsoft Entra ID | Microsoft Learn, which is also referenced in a note at the bottom of the page here Granting admin consent for Teams Chat Integration | DataMiner Docs.
Most permissions speak for themself. Note that none of these permissions allows Skyline to fetch the content or messages from teams, channels or chats.
Purely to post notifications using Chat Integration the following permissions are required (can be scoped to only allow chats or only teams/channels):
- The permissions to 'Read...' information like existing chats or teams/channels.
- The DataMiner App must be installed in the chat or team/channel where the notification should be posted. This can be done manually in Teams instead of using Chat Integration, which would remove the need for those permissions 'Manage Teams apps..'. See DataMiner Teams bot | DataMiner Docs on how to install the DataMiner bot manually.
Permissions to 'Create..' Teams/channels would not be needed.
Permissions to 'Add and remove members' would not be needed.
Hope this clears things up. Let me know if you need more information.
Wkr