Understanding Box applications, tokens, and scoping

Application Access

Concern Areas:

• Type of Users: Will you be working with users within an entire enterprise, or just the app?

• Types of Content: Do you need to access and manage data within the enterprise?

• Default Scopes: Read / Write (A,E), Manage Users (A,E), Manage Groups (A,E), Manage Enterprise Properties (E).

Application Scopes

Scope Name: root_readwrite

Capabilities:

• Upload / view / download / update file versions.

• Create / edit / delete collaborations, tags, tasks, comments, @mentions, task assignments, notifications, and collections.

• View enterprise profile information.

Scope Name: manage_managed_users

Capabilities:

• Subset of manage enterprise scope

• Add / view / edit / delete / activate / disable Box users.

• Change primary login, reset password, change role for managed user and enterprise content.

Scope Name: manage_app_users

Capabilities:

• Allows application to provision and manage its own app users.

• Add / view / edit / delete / activate / disable app users.

Scope Name: manage_groups

Capabilities:

• Subset of manage an enterprise scope

• View / create / edit / delete groups and group memberships for all users.

Scope Name: manage_webhook

Capabilities:

• Allows your app to programmatically control webhooks.

• Create / fetch / update / delete new or existing webhooks.

Scope Name: manage_enterprise_properties

Capabilities:

• Subset of the manage an enterprise scope.

• View and edit enterprise attributes and reports, edit and delete device pinners (what devices can use native Box applications).

Scope Name: manage_data_retention

Capabilities:

• View, create, and fetch content retention policies with Box Governance.

Advanced Application Features (JWT)

Purpose: Perform actions on behalf of another user.

Capabilities:

• Needed for full SDK functionality for user actions (As-User header)

• Allows you to properly manage users, their content, and actions.

Purpose: For JWT applications, create individual OAuth 2 tokens for users.

Capabilities:

• Needed for full SDK functionality for JWT application user actions.

• Allows you to bypass the need for credentials in the typical OAuth 3-legged flow.

Authorization and Applications
