Permissions and data access for Ops Swarmer
Ops Swarmer uses a minimal and scoped permission model to enable collaboration, automate participant management, and generate insights. Permissions are restricted to specific user actions or chats where the bot is present, ensuring controlled and secure data access.
The permission model described in this topic applies in the following scenarios:
- When BMC HelixGPT version 26.1.01 or later is in use.
- When the enableRequestOpsSwarmer parameter in the AR System Configuration Generic UI form is set to true.
Ops Swarmer permissions
To support automation and collaboration use cases, the Ops Swarmer requires a defined set of minimum permissions. Microsoft Teams supports the following two types of permissions:
- Delegated permissions: Permissions used when the application performs actions on behalf of a signed‑in user.
- Application permissions: Permissions that allow the application to run in the background by using a Bot ID or Client ID and client secret, without requiring a signed‑in user.
The bot configuration includes two primary permission areas:
- Permissions configured in the Microsoft Azure Portal
- Permissions configured in the Microsoft Teams Developer Portal
Permissions in Microsoft Azure Portal
Administrator consent is required to configure these permissions.
These permissions are configured in the Azure portal and are primarily used to launch the Ops Swarmer bot from the Smart IT UI.
Delegated permissions are granted on a per‑user, per‑tenant basis when a user launches Ops Swarmer for the first time.
| Permission | Type | Description | Ops Swarmer use case |
| User.Read | Delegated | Read signed-in user's profile | Retrieves the user's name, ID, and email |
| Chat.Create | Delegated | Create group chats | Initiates a new group chat from the Smart IT interface |
| User.ReadBasic.All | Delegated | Read users' basic information | Finds and adds members to the chat during initial launch |
| TeamsAppInstallation.ReadWriteAndConsentForChat | Delegated | Install, upgrade, uninstall Teams apps and consent to resource-specific permissions | Allows the bot to manage its own installation and updates within chats |
| AppCatalog.Read.All | Delegated | Read the Teams app catalog | Reads the bot’s Resource-Specific Consent (RSC) permissions |
| ChatMember.ReadWrite | Delegated | Add and remove chat members on behalf of the user | Adds members to chats launched from the Smart IT interface |
| User.ReadBasic.All | Application | Read basic user profiles | Identifies user name and email when adding members automatically in the background |
MS Teams application permissions
These permissions are configured in the Microsoft Teams Developer Portal and are limited to chats where the Ops Swarmer is added as a participant. The bot cannot access any chat in which it is not a member.
| Permission | Type | Description | Ops Swarmer use case |
| ChatSettings.Read.Chat | Application | Read chat settings | Reads the chat title, which typically contains the Incident ID used as default swarm context |
| ChatMessage.Read.Chat | Application | Read chat messages | Generates AI‑driven summaries of chat conversations |
| ChatMember.Read.Chat | Application | Read chat member information | Identifies current participants to prevent duplicate invitations |
| Chat.Manage.Chat | Application | Add members to chat | Automatically adds recommended experts to the swarm |
| OnlineMeetingTranscript.Read.Chat | Application | Read meeting transcripts | Generates summaries of recorded online meetings |
| OnlineMeeting.ReadBasic.Chat | Application | Read basic meeting properties | Reads meeting metadata such as organizer, join link, and meeting times |
| OnlineMeetingParticipant.Read.Chat | Application | Read meeting participants | Identifies meeting attendees and join/leave times for reporting |
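A least-privilege drift check against the two tables above, added here as an example and not part of BMC's documentation or tooling. The `audit` function, the (name, type) input format, and the sample grants are assumptions constructed for illustration; the `.Chat` suffix test relies on Microsoft's naming convention for chat-scoped resource-specific consent permissions.

```python
# Baseline copied from the two permission tables on this page.
AZURE_BASELINE = {
    ("User.Read", "Delegated"),
    ("Chat.Create", "Delegated"),
    ("User.ReadBasic.All", "Delegated"),
    ("TeamsAppInstallation.ReadWriteAndConsentForChat", "Delegated"),
    ("AppCatalog.Read.All", "Delegated"),
    ("ChatMember.ReadWrite", "Delegated"),
    ("User.ReadBasic.All", "Application"),
}
TEAMS_RSC_BASELINE = {
    (name, "Application") for name in (
        "ChatSettings.Read.Chat", "ChatMessage.Read.Chat", "ChatMember.Read.Chat",
        "Chat.Manage.Chat", "OnlineMeetingTranscript.Read.Chat",
        "OnlineMeeting.ReadBasic.Chat", "OnlineMeetingParticipant.Read.Chat",
    )
}

# Constructed sample of grants a reviewer might have exported (not real tenant data).
SAMPLE_TEAMS_GRANTS = [
    ("ChatSettings.Read.Chat", "Application"),
    ("ChatMessage.Read.Chat", "application"),      # case varies between exports
    ("ChatMember.Read.Chat", "Application"),
    ("Chat.Manage.Chat", "Application"),
    ("OnlineMeetingTranscript.Read.Chat", "Application"),
    ("OnlineMeeting.ReadBasic.Chat", "Application"),
    ("Chat.Read.All", "Application"),              # tenant-wide, not in the tables
]

def audit(granted, baseline, require_chat_scope=False):
    """Diff granted (name, type) pairs against the documented minimum set."""
    granted = {(n.strip(), t.strip().capitalize()) for n, t in granted}
    findings = {
        "excess": sorted(granted - baseline),    # granted but not documented
        "missing": sorted(baseline - granted),   # documented but not granted
        "unscoped": [],                          # not limited to a single chat
    }
    if require_chat_scope:
        findings["unscoped"] = sorted(p for p in granted if not p[0].endswith(".Chat"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_TEAMS_GRANTS, TEAMS_RSC_BASELINE, require_chat_scope=True))
```

An entry under `excess` or `unscoped` means the bot can reach data beyond the chats it is a member of, which the Teams Developer Portal permissions above are meant to prevent.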
Data shared with Microsoft Teams
The Ops Swarmer reads specific data from Microsoft Teams to provide recommendations and summaries. The following data is accessed:
- Group chat messages: Used to generate concise summaries of troubleshooting progress.
- Online meeting transcripts: Used to create summaries for users who did not attend the meeting.
- Basic user information (ID, name, and email): Used for member management and to ensure the correct experts are added to the appropriate incidents.