The app requires access to additional resources within and outside of SharePoint to enable its advanced features. A Global Administrator has to grant access to ensure the app functionality is not limited.
Some permissions are granted directly through the app components and some are granted through the SharePoint Admin page.
SharePoint Admin API management
Here you grant the following permissions:
- SharePoint Online (required from version 1.4.0.0) - allows the app to obtain an access token for the SharePoint API, used to open the main Ultimate Forms app.
- Access to Azure AD (recommended) - allows modern forms to populate people pickers and to query AD group membership for rules.
- Access to Exchange Calendars (optional) - required by the Calendar web part to be able to read Exchange Calendars. You do not need to grant this permission if you are not planning to display users' Exchange calendars in the web part.
- Access to Term Store (recommended) - required to be able to view and add new terms in managed metadata columns in Modern forms.
To grant the permissions, do the following:
- Click on the waffle menu in the top left corner, then click on the Admin app
- Under Admin centers in the left menu, click on SharePoint
- On the left menu click on API access under Advanced
Here you should be able to see the pending approval request for special permissions:
- Office 365 SharePoint Online (required) - required to be able to gain access to the main Ultimate Forms app (from version 1.4.0.0)
- Microsoft Graph / Directory.Read.All & User.Read.All - required for Modern forms, allowing them to check Azure AD group membership of the current user when applying various form rules as well as searching for users in Person or group columns.
- Microsoft Graph / Calendars.ReadWrite.Shared - access to Exchange calendars (only needed when Calendar web part is used to connect to Exchange calendars)
- Microsoft Graph / TermStore.ReadWrite.Shared - access to the term store to read and create terms from modern forms.
Component-specific permissions
Various components of Ultimate Forms require additional permissions, depending on the features you use. In most cases, the permission is requested when a certain feature is used for the first time (for example, when setting up Import from Exchange Online, it will request access to Exchange mailboxes).
All permissions are granted at the tenant level and only need to be granted once. You can examine and, if needed, revoke the grants under Enterprise Applications on your Entra (Azure AD) Admin page.
IMPORTANT: Alerts need to be granted two permissions upon initial installation to ensure alerts can be delivered via Exchange Online and Entra (Azure AD) group membership can be queried for the purposes of security trimming of recipients.
- Enter Ultimate Forms as a Global Administrator and Site Collection administrator.
- Click on Alerts
- Switch to the Administration tab
- Test and grant both Exchange and Azure AD permissions
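Because these grants are tenant-wide, it is worth comparing what is actually consented with the Microsoft Graph scopes listed under API access above. The following is an added example, not code from the product or its vendor: it assumes the tenant's delegated grants have been exported as records with the clientId, resourceId, consentType and scope fields of Microsoft Graph's oauth2PermissionGrant objects, and the function name, ids and sample records are constructed.

```python
# Added example: all ids and grant records below are constructed for illustration.
# Scopes this page lists under SharePoint "API access" for Microsoft Graph.
DOCUMENTED_GRAPH_SCOPES = {
    "Directory.Read.All": "recommended",
    "User.Read.All": "recommended",
    "TermStore.ReadWrite.Shared": "recommended",
    "Calendars.ReadWrite.Shared": "optional",  # Calendar web part with Exchange calendars only
}

def audit_graph_grants(grants, client_id, graph_resource_id, uses_exchange_calendars):
    """Return sorted (finding, scope) pairs for one client's tenant-wide Graph grants."""
    granted = set()
    for grant in grants:
        if (grant["clientId"] == client_id
                and grant["resourceId"] == graph_resource_id
                and grant["consentType"] == "AllPrincipals"):  # tenant-level consent
            granted.update(grant.get("scope", "").split())   # space-separated string
    findings = []
    for scope in granted:
        level = DOCUMENTED_GRAPH_SCOPES.get(scope)
        if level is None:
            # Not in the API access list above; may come from a component-specific grant.
            findings.append(("undocumented", scope))
        elif level == "optional" and not uses_exchange_calendars:
            findings.append(("unused-optional", scope))  # candidate for revocation
    for scope, level in DOCUMENTED_GRAPH_SCOPES.items():
        if level == "recommended" and scope not in granted:
            findings.append(("missing", scope))  # the related feature will be limited
    return sorted(findings)

# Constructed placeholders for the service principal object ids in a tenant.
CLIENT_SP = "00000000-0000-0000-0000-00000000000a"
GRAPH_SP = "00000000-0000-0000-0000-00000000000b"
OTHER_SP = "00000000-0000-0000-0000-00000000000c"

# Constructed sample export: Mail.Send stands in for a scope not on the list.
SAMPLE_GRANTS = [
    {"clientId": CLIENT_SP, "consentType": "AllPrincipals", "resourceId": GRAPH_SP,
     "scope": "Directory.Read.All User.Read.All Calendars.ReadWrite.Shared Mail.Send"},
    {"clientId": CLIENT_SP, "consentType": "AllPrincipals", "resourceId": OTHER_SP,
     "scope": "User.Read"},
]

if __name__ == "__main__":
    for finding, scope in audit_graph_grants(SAMPLE_GRANTS, CLIENT_SP, GRAPH_SP, False):
        print(f"{finding:16} {scope}")
```

An "undocumented" finding is a prompt to check whether the scope was requested by one of the component-specific features before revoking it under Enterprise Applications.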