Sharing access to Microsoft 365 items
Shared access is a technology that is used in various yasoon applications.
It allows you to share Microsoft 365 entities like emails, conversations, chats or calendars with other Jira or Confluence users. You are basically giving them a very narrow access to certain information on your behalf.
Security
Security is our top priority when sharing access to entities. Whenever a user shares something with other users, a permission entry, along with a reference to the users authentication tokens is stored in our encrypted database.
When a user requests access to a shared entity like an email, the request is validated based on the permissions configured. When this user is granted access, our server calls the corresponding Microsoft resource on behalf of the user that shared the item. As all the data handling is done via our servers, no direct access is granted to any un-privileged user.
Whenever the user that shared the entity logs out of the app, other users no longer have access to the shared resources. If the user renews their login, access to the shared entity will be restored.
Microsoft 365 entities
The following Office 365 objects can be shared within Jira/Confluence:
Single mails
Whole conversations
Outlook calendars
Single calendar event/meeting
Microsoft Teams chats
Permission Types
Each Office 365 item can be shared with a specific permission scope.
The app currently provides the following sharing permissions:
Private
Only allows access to the Office item to the person who shared it.
Validated by the Microsoft login.
Atlassian Cloud
Gives every logged in Atlassian user access to the shared Office item.
Validated by the Atlassian JWT-Token
Public
Gives every user access to the shared Office item even if they are not logged in with Atlassian.
Validated by the Atlassian JWT-Token
Changing Permission Type
Everyone with native Graph access to the Microsoft entity should be able to change the permission type.
Unlinking Microsoft 365 entities
Everyone with native Graph access to the Microsoft entity OR ISSUE_DELETE permission in Jira should be able to unlink entities from issues.