Clarification on SharePoint Macro Consent Flow and Permissions

Hi Team,

We have a customer using SharePoint in a secure environment. While configuring the Prolaborate SharePoint Macro on their site, a consent popup is displayed during the approval process.

Previously, our macro implementation used the Admin Consent flow. Based on the customer’s security and approval requirements, we have modified the consent to use the User Consent flow instead.

The customer has requested additional clarification regarding the consent process. Specifically, they would like to understand:

• The exact API calls triggered for these two consents
• View your basic profile
• Maintain access to data you have given it access to
• The permissions being requested from Microsoft Graph or SharePoint
• Whether the application requests any tenant-wide or high-privilege permissions
• Whether minimal permissions such as Sites.Selected can be used instead of broader scopes

Current concern:

• The customer feels the current permission request is too broad for approval within their secure environment (Banking customer).

Reason:

• Their internal approval process requires clear visibility into the exact API and permission scopes being requested, as different permissions are reviewed and approved by different internal teams (for example, User.Read is managed by the Identity team).

From our implementation side, we are using only custom APIs and are not directly calling Microsoft Graph APIs.

This information will help us provide a clear response to the customer and support their internal approval process.