Your SharePoint environment is protected by SSO and organizational access controls. To deliver intelligent, context-aware responses, our AI system must ingest and process organizational knowledge securely and reliably. Below is a breakdown of the permissions we request, what they enable, and why they are necessary for functionality and security.
These permissions are carefully scoped to balance functionality, compliance, and access control boundaries.
This table shows an overview of the permissions LearnWise requires to have a fully functional integration with SharePoint
Sites.SelectedWhat it does: Restricts the app’s access to only the specific SharePoint site collections explicitly approved in LearnWise by an admin.
Why we need it:
This is a scoped alternative to full Sites.Read.All access. If your organization prefers tight control over which SharePoint sites the AI can read, this permission enables that. It’s ideal for phased rollouts, pilots, or department-specific deployments.
Sites.Read.All (Delegated + Application)What it does: Grants read-only access to all SharePoint site content a user (Delegated) or the app (Application) can access so that LearnWise can list all possible sites for selection.
Why we need it:
✅ It's required for broad coverage or where site-level whitelisting is impractical.
Files.Read.AllWhat it does: Lets the app read all user files in OneDrive and SharePoint.
Why we need it:
Many orgs store critical content in user drives or shared folders. This permission allows the AI to:
📌 It's strictly read-only, and respects user-level access controls.
User.Read.All