Microsoft 365 - Admin Consent excessive permissions

The admin consent SketchUp for Schools is asking for in Azure AD is excessive. We cannot approve it because of the security implications. Please ask your developers to reconsider.

The app should not need the “Read directory data” permission as I have never given this high level of consent to any app before.
Requested permission:
Read directory data
Allows the app to read data in your organization’s directory, such as users, groups and apps.

Instead it should be asking for:
Access the directory as the signed-in user
Allows the app to have the same access to information in the directory as the signed-in user.

It also shouldn’t need:
Have full access to user files
Allows the app to read, create, update and delete the signed-in user’s files.

Instead it should be asking for:
Read and write user files
Allows the app to read, create, update, and delete the current user’s files.

Cheers

Mike


Well, I think the full access to files and read, create, update and delete user files is for Google Drive. If you delete a project it will delete it from your drive, and if you are making one then it needs to place that inside your drive.

Sorry, I am not understanding the relevance of your comment as it relates to the permissions being requested for Azure AD and Microsoft 365. Full access to the tenant directory is not required for user access and exposes our organization to potential exploit.

Hi, I have a similar interest in why such massive permissions are requested. Is there a reason the app needs to be able to read directory permissions and get users and groups? It seems to me that the user profile and access to the OneDrive folder will be enough. Any update on that?


Hello, can you please add,
@live.ea.dundeecity.sch.uk
@dundeeschools.scot

Your school domains have been approved for use of SketchUp for Schools

I am hopeful that someday Trimble won’t need to read everyone’s entire directory data for basic user login. Another year passes and no change to the admin consent grant. I did run the same access request using Google and it did not require full directory access.

Hello, we have the same question in our school.
Is an update being considered?

Regards

Thomas

Hi SketchUp for Schools team (@Tori_SU),
Agreeing with Mike, it would be nice if you could reconsider retiring some permissions needed to use SketchUp for Schools when the authentication goes through Microsoft 365.
As a member of the education government team in Valencia (Spain), under the European General Data Protection Regulation we cannot allow such permission levels in any app because of security and privacy implications (specifically, the read directory data permission can retrieve information about all students).
And it’s a shame, because some of the 1,500 schools we run would be excited to use the app.
Kind regards,
Cristian
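For administrators reviewing a consent request like the one discussed in this thread, here is an added example (not from any poster or from Trimble) that checks delegated grants against a local baseline. It assumes the Microsoft Graph `oauth2PermissionGrants` response shape and that "Read directory data" corresponds to the `Directory.Read.All` scope; the sample data, IDs and baseline are constructed.

```python
import json

# Constructed sample shaped like a Microsoft Graph
# GET /oauth2PermissionGrants response. IDs are placeholders, not real.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"clientId": "other-app", "consentType": "Principal",
   "principalId": "user-1", "scope": "User.Read Calendars.Read"},
  {"clientId": "app-under-review", "consentType": "AllPrincipals",
   "principalId": null,
   "scope": " User.Read Directory.Read.All Files.ReadWrite"},
  {"clientId": "login-only-app", "consentType": "AllPrincipals",
   "principalId": null, "scope": "openid profile User.Read"}
]}
""")

# Assumption: scopes this tenant approves without further review.
# Adjust to local policy.
BASELINE = {"openid", "profile", "email", "User.Read"}


def review_grants(grants, baseline=BASELINE):
    """Return one finding per delegated grant that exceeds the baseline."""
    findings = []
    for g in grants.get("value", []):
        # scope is a space-separated string and may carry a leading space.
        scopes = set((g.get("scope") or "").split())
        excess = sorted(scopes - baseline)
        if not excess:
            continue
        findings.append({
            "client": g["clientId"],
            # AllPrincipals means an admin consented on behalf of every user.
            "tenant_wide_consent": g.get("consentType") == "AllPrincipals",
            "excess": excess,
            # Graph's ".All" constraint covers every resource of that type,
            # not only the signed-in user's own.
            "broad": [s for s in excess if s.endswith(".All")],
        })
    # Tenant-wide consents with the most broad scopes come first.
    findings.sort(key=lambda f: (not f["tenant_wide_consent"], -len(f["broad"])))
    return findings


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS):
        print(finding)
```

This covers delegated grants only; application permissions are recorded as app role assignments and need a separate pass.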