Copilot Connector Permissions

The Therefore™ Copilot Connector supports Therefore™ permissions in full, with a few exceptions listed below. When a document is uploaded to Microsoft Graph, the Therefore™ permissions to access this document (Open/View) are evaluated for each user and group. This evaluation generates an Access Control List. When Copilot requests any information in the Microsoft Graph connection, it does so on behalf of the currently logged-in Entra ID user. The information is provided only if that user has access according to the Access Control List.

See also:
Permissions in RBAC

Note:

Only users from the same Entra ID tenant as the one used by the Copilot Connector can use the connector. Any internal Therefore™ users that are not in that Entra ID tenant will not be considered by the Connector for the Access Control List.

Permission Conditions
Permission conditions are generally supported with the following exceptions:

  • The macros 'NOW' and 'TODAY' are not supported, as permissions are evaluated during the upload to Microsoft Graph and not at the time of the access request. A role will not be granted when either of these macros is used, except in the case of a deny role, which will be granted unconditionally.

  • With groups, the macros '$user', '$userno' and '$usermail' are only supported in the following basic way: “ixDataField = $user”. Combinations with 'and', 'or', or 'in' are not supported. In addition, the user in the index data field must be a valid Entra ID user and exist in the 'TheUser' database table.

Due to a Microsoft Graph limitation, updates to permissions will take 3 to 6 hours (with some exceptions) to become effective. When a permission change affects a whole category, the update process will take more time, depending on the number of documents.

Permission updates are counted toward the 'Pending Updates' count found in the Therefore™ Console. See:
Copilot Connector

Note:
  • Disabling a user in Therefore™ does not have any effect on Microsoft Graph permissions. The change takes effect only if the user is disabled on the Entra ID tenant.

  • Some Entra ID user types cannot be added to the Access Control List. The supported types are: 'User', 'Group', and 'MailUser'. The following types are not supported: 'Resource' and 'Shared-Mailbox'.

  • If a user cannot be added to the Access Control List, this will be marked under 'Manage Faulty' found in the Therefore™ Console context menu for the Copilot Connector. In cases where the preview version of the connector was used, this can lead to users retaining access permissions when they should not. For cases where the preview version was not used, if a user cannot be added to the Access Control List, the document upload will fail, as it cannot be added without such a list.
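
The exceptions above (tenant membership, the 'NOW'/'TODAY' and '$user' macro rules, and the supported Entra ID types) can be checked before upload with a small audit script. The following is an added example, not Therefore™ code: the record fields, role names and condition strings are constructed for illustration, and real Therefore™ condition syntax may differ.

```python
import re

# Rules are the ones stated on this page; record fields and conditions are constructed.
TIME_MACRO = re.compile(r"\b(NOW|TODAY)\b")
USER_MACRO = re.compile(r"\$(usermail|userno|user)\b")
# Assumption: the basic form "ixDataField = $user" applies to each of the three macros.
BASIC_FORM = re.compile(r"^\s*\w+\s*=\s*\$(usermail|userno|user)\s*$")
SUPPORTED_TYPES = {"User", "Group", "MailUser"}

def review_role(role):
    """Return the caveats from this page that apply to one role assignment."""
    findings = []
    cond = role.get("condition") or ""
    if role["principal_type"] not in SUPPORTED_TYPES:
        findings.append("unsupported principal type: cannot be added to the ACL")
    if not role["in_tenant"]:
        findings.append("not in the connector's Entra ID tenant: ignored for the ACL")
    if TIME_MACRO.search(cond):
        findings.append("NOW/TODAY in deny role: deny granted unconditionally"
                        if role["access"] == "deny"
                        else "NOW/TODAY in allow role: role not granted")
    if (role["principal_type"] == "Group" and USER_MACRO.search(cond)
            and not BASIC_FORM.match(cond)):
        findings.append("user macro on group outside basic form: not supported")
    return findings

def audit(roles):
    """Map role name -> findings, keeping only roles that need attention."""
    return {r["name"]: f for r in roles if (f := review_role(r))}

# Constructed sample export of role assignments.
SAMPLE_ROLES = [
    {"name": "hr-readers", "principal_type": "Group", "in_tenant": True,
     "access": "allow", "condition": "Owner = $user"},
    {"name": "retention-view", "principal_type": "User", "in_tenant": True,
     "access": "allow", "condition": "ExpiryDate > TODAY"},
    {"name": "embargo", "principal_type": "Group", "in_tenant": True,
     "access": "deny", "condition": "ReleaseDate > NOW"},
    {"name": "team-or-owner", "principal_type": "Group", "in_tenant": True,
     "access": "allow", "condition": "Owner = $user or Deputy = $user"},
    {"name": "room-calendar", "principal_type": "Resource", "in_tenant": True,
     "access": "allow", "condition": ""},
    {"name": "local-admin", "principal_type": "User", "in_tenant": False,
     "access": "allow", "condition": ""},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ROLES).items():
        print(name, "->", "; ".join(findings))
```

The 'embargo' finding deserves the closest review: a time-limited deny becomes a permanent deny in the Access Control List, while a time-limited allow is dropped.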