This article described how the new permissions system for Calendar Online App is organized. Please take a look to learn more about it.
Virto Calendar Overlay Pro App helps users to overlay calendars from several data sources. You just tick the Exchange calendars, public folders, or MS Planner tasks to add to your calendar immediately. When you create a shared calendar, you have to concern about security. Large companies with various departments and many calendars do not suppose a calendar overlay available for everyone in the company. There should be users with a larger range of permissions and users with read-only access rights.
VirtoSoftware pays much attention to the security aspect of developing the products. Here is the description of the Virto Calendar Online Application permissions system.
Virto Calendar Authorization App
When a user (usually an admin) completes installing the Virto Calendar Online Application, the authentication app Virto Calendar Authorization is added automatically. The app receives “Admin consent” status when the admin checks “Consent on behalf of your organization”.
Note: Site collection administrators have license manager roles by default and can assign calendar managers. The calendar manager can change the settings of calendars and data sources on a current site collection.
Virto Calendar Online app allows you to use many options of the access rights and define who will be able to work with calendars.
For example, “Have full access to user calendars” allows you to edit calendars and create new events. A common user can delegate this access right under his/her account.
If someone has shared a Calendar with you, you need to access it and have edit rights. In this case, you also should give “Read and write user and shared calendars” permission to the user you share your calendar with.
As you see, the user doesn’t have to be an administrator to delegate these permissions.
But there are also calendar permissions that you can give other users only if you are an administrator. Look, for instance, at the “Read and write all groups” permission or “Revoke access” button. These permissions are not available for common users.
API permissions such as “Open id” or “Profile id” allow the user to sign in and sign out.
“Group read write” permissions required to be consent by admin to let the group add events, edit calendars, etc.
“Mailbox settings” allow users to read category settings.
Note: any user can access Virto Calendar Add-in, manage and configure calendars in the trial license.
Every permission you see in the Calendar Authorization App has a short description. So, if we haven’t described one above, just go to the Authentication app and find the details next to every permission.
Thank you for your interest in Virto Calendar products. Please feel free to leave feedback.