+For more information about the meeting-specific RSC permissions, see [RSC permissions for a chat or meeting](../rsc/resource-specific-consent.md#rsc-permissions-for-a-chat-or-meeting).

+ Title: Grant RSC permissions to an app

+description: In this article, learn how to grant resource-specific consent (RSC) permissions, which allows team and chat owners and meeting organizers to grant consent for an app.

+ms.localizationpriority: medium

+# Grant RSC permissions to your app

+Resource-specific consent (RSC) is a Microsoft Teams and Microsoft Graph API integration that enables your app to use API endpoints to manage specific resources, either teams or chats, within an organization.

+In this section, you'll learn to:

+1. [Add RSC permissions to your Teams app](#add-rsc-permissions-to-your-teams-app)

+1. [Install your app in a team or chat](#install-your-app-in-a-team-or-chat)

+1. [Verify app RSC permission granted to your app](#verify-app-rsc-permission-granted-to-your-app)

+## Add RSC permissions to your Teams app

+To add RSC permissions to your app, follow these steps:

+1. [Register your app with Microsoft identity platform using the Azure AD portal](#register-your-app-with-microsoft-identity-platform-using-the-azure-ad-portal).

+1. [Review your application permissions in the Azure AD portal](#review-your-application-permissions-in-the-azure-ad-portal).

+1. [Update your Teams app manifest](#update-your-teams-app-manifest).

+### Register your app with Microsoft identity platform using the Azure AD portal

+The Azure Active Directory (Azure AD) portal provides a central platform for you to register and configure your apps. You must register your app in the Azure AD portal to integrate with the identity platform and call Graph APIs. For more information, see [register an app with the identity platform](/graph/auth-register-app-v2).

+> [!WARNING]

+> You mustn't share your Azure AD app ID across multiple Teams apps. There must be a 1:1 mapping between a Teams app and an Azure AD app. Attempts to install multiple Teams apps which are associated with the same Azure AD app ID will cause installation or runtime failures.

+### Review your application permissions in the Azure AD portal

+1. Open the [Azure AD portal](https://ms.portal.azure.com/) on your web browser.

+ The Azure AD portal page opens.

+1. Select **App registrations** and select your app.

+1. Select **API permissions** from the left pane.

+1. Review permissions from the list of **Configured permissions** for your app:

+ * If your app makes only RSC Graph API calls, delete all the permissions from the list of configured permissions.

+ * If your app makes non-RSC calls also, keep those permissions as required.

+> [!IMPORTANT]

+> The Azure AD portal can't be used to request RSC permissions, as they're exclusive to Teams apps installed in Teams client and are declared in the Teams app manifest (JSON) file.

+### Update your Teams app manifest

+You must declare RSC permissions in your Teams app **manifest.json** file. You don't need to add the non-RSC permissions to the app manifest as Azure AD portal stores them.

+#### Request RSC permissions for Teams app

+To request RSC permissions for an app, list the permissions that the app requires in the authorization section of the Teams app manifest. The instructions can vary based on the manifest version of the app.

+> [!NOTE]

+> For delegated permissions, use app manifest v1.12 or later.

+Whenever an authorized user installs your app within Teams, the RSC permissions requested in the appΓÇÖs manifest are shown to the user. The permissions are granted as part of the app installation process.

+<br>

+<details>

+<summary><b>RSC permissions for app manifest v1.12 or later</b></summary>

+To add RSC permission in app manifest:

+1. Add the [webApplicationInfo](../../resources/schem#webapplicationinfo) key to your app manifest with the following values:

+ |Name| Type | Description|

+ ||||

+ |`id` |String |Your Azure AD app ID. For more information, see [register your app in the Azure AD portal](grant-resource-specific-consent.md#register-your-app-with-microsoft-identity-platform-using-the-azure-ad-portal).|

+ |`resource`|String| This field has no operation in RSC but you must add a value to avoid an error response. You can add any string as value.|

+1. Add permissions needed by your app.

+ |Name| Type | Description|

+ ||||

+ |`authorization`|Object|List of permissions that the app needs to function. For more information, see [authorization in manifest](../../resources/schem#authorization). |

+ If an app is meant to support installation in both team and chat scopes, then both team and chat permissions can be specified in the same manifest under `authorization`.

+Example for RSC permissions in a team:

+```json

+"webApplicationInfo": {

+ "id": "XXxxXXXXX-XxXX-xXXX-XXxx-XXXXXXXxxxXX",

+ "resource": "https://RscBasedStoreApp"

+ },

+"authorization": {

+ "permissions": {

+ "resourceSpecific": [

+ {

+ "name": "TeamSettings.Read.Group",

+ "type": "Application"

+ },

+ {

+ "name": "TeamSettings.ReadWrite.Group",

+ "type": "Application"

+ },

+ {

+ "name": "ChannelSettings.Read.Group",

+ "type": "Application"

+ },

+ {

+ "name": "ChannelSettings.ReadWrite.Group",

+ "type": "Application"

+ },

+ {

+ "name": "Channel.Create.Group",

+ "type": "Application"

+ },

+ {

+ "name": "Channel.Delete.Group",

+ "type": "Application"

+ },

+ {

+ "name": "ChannelMessage.Read.Group",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsAppInstallation.Read.Group",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsTab.Read.Group",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsTab.Create.Group",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsTab.ReadWrite.Group",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsTab.Delete.Group",

+ "type": "Application"

+ },

+ {

+ "name": "TeamMember.Read.Group",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsActivity.Send.Group",

+ "type": "Application"

+ },

+ {

+ "name": "ChannelMeeting.ReadBasic.Group",

+ "type": "Delegated"

+ },

+ {

+ "name": "ChannelMeetingParticipant.Read.Group",

+ "type": "Delegated"

+ },

+ {

+ "name": "ChannelMeetingStage.Write.Group",

+ "type": "Delegated"

+ }

+ ]

+ }

+}

+```

+Example for RSC permissions in a chat:

+```json

+"webApplicationInfo": {

+ "id": "XXxxXXXXX-XxXX-xXXX-XXxx-XXXXXXXxxxXX",

+ "resource": "https://RscBasedStoreApp"

+ },

+"authorization": {

+ "permissions": {

+ "resourceSpecific": [

+ {

+ "name": "ChatSettings.Read.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "ChatSettings.ReadWrite.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "ChatMessage.Read.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "ChatMember.Read.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "Chat.Manage.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsTab.Read.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsTab.Create.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsTab.Delete.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsTab.ReadWrite.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsAppInstallation.Read.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "OnlineMeeting.ReadBasic.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "Calls.AccessMedia.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "Calls.JoinGroupCalls.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "TeamsActivity.Send.Chat",

+ "type": "Application"

+ },

+ {

+ "name": "MeetingStage.Write.Chat",

+ "type": "Delegated"

+ }

+ ]

+ }

+}

+```

+<br>

+</details>

+<br>

+<details>

+<summary><b>RSC permissions for app manifest v1.11 or earlier</b></summary>

+> [!NOTE]

+> It's recommended to use app manifest v1.12 or later.

+Add the [webApplicationInfo](../../resources/schem#webapplicationinfo) key to your app manifest with the following values:

+|Name| Type | Description|

+||||

+|`id` |String |Your Azure AD app ID. For more information, see [register your app in the Azure AD portal](grant-resource-specific-consent.md#register-your-app-with-microsoft-identity-platform-using-the-azure-ad-portal).|

+|`resource`|String| This field has no operation in RSC but you must add a value to avoid an error response. You can add any string as value.|

+|`applicationPermissions`|Array of strings|RSC permissions for your app. For more information, see [Supported RSC permissions](resource-specific-consent.md#supported-rsc-permissions).|

+If an app is meant to support installation in both team and chat scopes, then both team and chat permissions can be specified in the same manifest under `applicationPermissions`.

+Example for RSC permissions in a team:

+```json

+"webApplicationInfo": {

+ "id": "XXxxXXXXX-XxXX-xXXX-XXxx-XXXXXXXxxxXX",

+ "resource": "https://RscBasedStoreApp",

+ "applicationPermissions": [

+ "TeamSettings.Read.Group",

+ "TeamSettings.ReadWrite.Group",

+ "ChannelSettings.Read.Group",

+ "ChannelSettings.ReadWrite.Group",

+ "Channel.Create.Group",

+ "Channel.Delete.Group",

+ "ChannelMessage.Read.Group",

+ "TeamsAppInstallation.Read.Group",

+ "TeamsTab.Read.Group",

+ "TeamsTab.Create.Group",

+ "TeamsTab.ReadWrite.Group",

+ "TeamsTab.Delete.Group",

+ "TeamMember.Read.Group",

+ "TeamsActivity.Send.Group"

+ ]

+ }

+```

+Example for RSC permissions in a chat:

+```json

+"webApplicationInfo": {

+ "id": "XXxxXXXXX-XxXX-xXXX-XXxx-XXXXXXXxxxXX",

+ "resource": "https://RscBasedStoreApp",

+ "applicationPermissions": [

+ "ChatSettings.Read.Chat",

+ "ChatSettings.ReadWrite.Chat",

+ "ChatMessage.Read.Chat",

+ "ChatMember.Read.Chat",

+ "Chat.Manage.Chat",

+ "TeamsTab.Read.Chat",

+ "TeamsTab.Create.Chat",

+ "TeamsTab.Delete.Chat",

+ "TeamsTab.ReadWrite.Chat",

+ "TeamsAppInstallation.Read.Chat",

+ "OnlineMeeting.ReadBasic.Chat",

+ "Calls.AccessMedia.Chat",

+ "Calls.JoinGroupCalls.Chat",

+ "TeamsActivity.Send.Chat"

+ ]

+ }

+```

+<br>

+</details>

+## Install your app in a team or chat

+To install your app on which you've enabled RSC permission in a team or chat, follow these steps:

+1. Ensure that you've configured [consent settings](#configure-consent-settings) for team or chat.

+1. [Sideload your app in Teams](#sideload-your-app-in-teams).

+### Configure consent settings

+The tenant-level controls of application RSC permissions vary based on the resource type.

+For delegated permissions, any authorized user can consent to the permissions requested by the app.

+<br>

+<details>

+<summary><b>Configure group owner consent settings for RSC in a team using the Azure AD portal</b></summary>

+You can enable or disable group owner consent directly within the Azure AD portal:

+1. Sign in to the [Azure AD portal](https://portal.azure.com) as a global administrator.

+1. Select **Azure Active Directory** > **Enterprise apps** > **Consent and permissions** > [**User consent settings**](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/UserSettings).

+1. Enable, disable, or limit user consent with the control labeled **Group owner consent for apps accessing data**. By default, **Allow group owner consent for all group owners** is selected. For a team owner to install an app using RSC, enable group owner consent for that user.

+ :::image type="content" source="../../assets/images/azure-rsc-team-configuration.png" alt-text="Screenshot shows the Azure RSC team configuration.":::

+In addition, you can enable or disable group owner consent using PowerShell. Follow the steps outlined in [Configure group owner consent using PowerShell](/azure/active-directory/manage-apps/configure-user-consent-groups?tabs=azure-powershell).

+</details>

+<br>

+<details>

+<summary><b>Configure chat owner consent settings for RSC in a chat using the Graph APIs</b></summary>

+You can enable or disable RSC for chats using Graph API. The property `isChatResourceSpecificConsentEnabled` in [teamsAppSettings](/graph/api/teamsappsettings-update#example-1-enable-installation-of-apps-that-require-resource-specific-consent-in-chats-meetings) governs whether chat RSC is enabled in the tenant.

+The default value of the property `isChatResourceSpecificConsentEnabled` is based on whether [user consent settings](/azure/active-directory/manage-apps/configure-user-consent?tabs=azure-portal) is turned on or off in the tenant when RSC for chats is first used. The default value is defined either when:

+* [TeamsAppSettings](/graph/api/teamsappsettings-get) are retrieved for the first time.

+* Teams app with RSC permissions is installed in a chat or meeting.

+> [!NOTE]

+> Admin control is added to allow or block RSC consent settings based on the sensitivity of the data accessed. It isn't based on the single master switch that enables or disables consent settings for app RSC permissions for all apps in the tenant.

+<br>

+</details>

+### Sideload your app in Teams

+If your Teams admin allows custom app uploads, you can [sideload your app](~/concepts/deploy-and-publish/apps-upload.md) directly to a specific team or chat.

+## Verify app RSC permission granted to your app

+To verify the app RSC permissions, follow these steps:

+1. [Obtain an access token from the Microsoft identity platform](#obtain-an-access-token-from-the-microsoft-identity-platform).

+1. [Check the RSC permissions granted to a specific resource](#check-the-rsc-permissions-granted-to-a-specific-resource).

+### Obtain an access token from the Microsoft identity platform

+To make Graph API calls, you must obtain an access token for your app from the identity platform. Before your app can get a token from the identity platform, you must register your app in the Azure AD portal. The access token contains information about your app and its permissions for the resources and APIs available through Microsoft Graph.

+You must have the following values from the Azure AD registration process to retrieve an access token from the identity platform:

+* **Application ID**: The app ID assigned by the Azure AD portal to your app. If your app supports single sign-on (SSO), you must use the same app ID for your app and SSO.

+* **Client secret** or **Certificate**: The password for your app, or the public or private key pair that is the certificate. The client secret or certificate isn't required for native apps.

+* **Redirect URI**: The URL for your app to receive responses from Azure AD.

+For more information, see [get access on behalf of a user](/graph/auth-v2-user?view=graph-rest-1.0#3-get-a-token&preserve-view=true) and [get access without a user](/graph/auth-v2-service).

+### Check the RSC permissions granted to a specific resource

+You can check the type of RSC permission granted to a resource in the app:

+* For application RSC permissions, call the following APIs to retrieve the list of apps installed in a team or chat:

+ * [List apps in chat](/graph/api/chat-list-installedapps?view=graph-rest-1.0&tabs=http&preserve-view=true)

+ * [List apps in team](/graph/api/team-list-installedapps?view=graph-rest-1.0&tabs=http&preserve-view=true)

+ These are all the application RSC permissions granted on this specific resource. Each entry in the list can be correlated to the Teams app by matching the `clientAppId` in the permission grants list with the `webApplicationInfo.Id` property in the app's manifest.

+* Delegated RSC permissions are Teams client-only permissions. You can't retrieve the list of apps installed in a team or chat as these permissions are granted when a user interacts with the app.

+> [!IMPORTANT]

+> The RSC permissions aren't attributed to a user. Calls are made with application permissions, not user delegated permissions. The app can be allowed to perform actions that the user can't, such as deleting a tab. You must review the team owner's or chat owner's intent for your use before making RSC API calls. For more information, see [Microsoft Teams API overview](/graph/teams-concept-overview).

+After the app has been installed to a resource, you can use [Microsoft Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) to view the permissions that have been granted to the app in the resource.

+#### Check your app for added RSC permissions in a team

+1. Get the team's **groupId** from Teams.

+1. In Teams, select **Teams** from the left pane.

+1. Select the team where the app is to be installed.

+1. Select the ellipses &#x25CF;&#x25CF;&#x25CF; for that team.

+1. Select **Get link to team** from the dropdown list.

+1. Copy and save the **groupId** value from the **Get a link to the team** pop-up dialog.

+1. Sign in to **Graph Explorer**.

+1. Make a **GET** call to this endpoint: `https://graph.microsoft.com/beta/teams/{teamGroupId}/permissionGrants`.

+ The `clientAppId` field in the response must map to the `webApplicationInfo.id` specified in the Teams app manifest.

+ :::image type="content" source="../../assets/images/team-graph-permissions.png" alt-text="Screenshot shows the Graph explorer response to GET call for team RSC permissions.":::

+For more information on how to get details of the apps installed in a specific team, see [get the names and other details of apps installed in the specified team](/graph/api/team-list-installedapps#example-2-get-the-names-and-other-details-of-installed-apps).

+#### Check your app for added RSC permissions in a chat

+1. Get the chat thread ID from the Teams web client.

+1. In the Teams web client, select **Chat** from the left pane.

+1. Select the chat where you've installed the app from the dropdown list.

+1. Copy the web URL and save the chat thread ID from the string.

+ :::image type="content" source="../../assets/images/chat-thread-id.png" alt-text="Screenshot shows the Chat thread ID from web URL.":::

+1. Sign in to **Graph Explorer**.

+1. Make a **GET** call to the following endpoint: `https://graph.microsoft.com/beta/chats/{chatId}/permissionGrants`.

+ The `clientAppId` field in the response must map to the `webApplicationInfo.id` specified in the Teams app manifest.

+ :::image type="content" source="../../assets/images/chat-graph-permissions.png" alt-text="Screenshot shows the Graph explorer response to GET call for chat RSC permissions.":::

+For more information on how to get details of apps installed in a specific chat, see [get the names and other details of apps installed in the specified chat](/graph/api/chat-list-installedapps#example-2-get-the-names-and-other-details-of-apps-installed-in-the-specified-chat).

+## Code sample

+| **Sample name** | **Description** | **.NET** |**Node.js** | **Manifest**|

+|--|--|-|-|-|

+| Resource-Specific Consent (RSC) | This sample code describes the process to use RSC to call Graph APIs. | [View](https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/graph-rsc/csharp)|[View](https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/graph-rsc/nodeJs)|[View](https://github.com/OfficeDev/Microsoft-Teams-Samples/tree/main/samples/graph-rsc/csharp/demo-manifest/graph-rsc.zip)|

+## See also

+* [Test resource-specific consent permissions in Teams](test-resource-specific-consent.md)

+* [Resource-specific consent in Microsoft Teams for admins](/MicrosoftTeams/resource-specific-consent)

+* [Group owner consent](/azure/active-directory/manage-apps/configure-user-consent-groups?tabs=azure-portal)

+* [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator&preserve-view=true)

+ Title: Overview resource-specific consent in Teams

+description: In this article, learn about resource-specific consent (RSC) permissions, types of RSC and supported RSC permissions.

+# Resource-specific consent for your Teams app

+Resource-specific consent (RSC) is an authorization framework built by Microsoft Teams and Microsoft identity platform that allows for granting scoped access to an app.

+Through RSC, an authorized user can give an app access to the data of a specific instance of a resource type. They don't need to give app access to every instance of the resource type in the entire tenant.

+For example, a person who owns both team A and team B can decide to give Contoso app access to the data of only team A and not team B. The same concept of scoped data access applies to chats and meetings as well.

+RSC permissions are categorized based on:

+1. The resource type on which data access is being granted:

+ * Teams (and the channels within those teams)

+ * Chats (and meetings associated with those chats)

+ * Users

+1. The mode of data access:

+ * Application: The app accesses data without the presence of a signed-in user.

+ * Delegated: The app accesses data in the context of a signed-in users session only. No access is allowed in the absence of a signed-in user.

+| &nbsp; | Application context RSC permissions | Delegated context RSC permissions |

+| - | :-: | :-: |

+| **Resource type** | &nbsp; | &nbsp; |

+| Team | ✔️ | ✔️ |

+| Chat or meeting | ✔️ | ✔️ |

+| User | NA | ✔️ |

+In this section, you'll learn more about:

+* [Types of RSC permissions](#types-of-rsc-permissions)

+* [Supported RSC permissions](#supported-rsc-permissions)

+* [Grant RSC permissions to an app](grant-resource-specific-consent.md)

+## Types of RSC permissions

+Use RSC permissions to determine the data access methods for your app. A user's ability to grant RSC permissions varies based on resource types and access modes. The following are the types of RSC permissions for an app based on access mode:

+* **Application context RSC permissions (application permission)**: This type of RSC permission allows an app to access data without the user being signed in. Only resource owners can grant application RSC permissions.

+ > [!NOTE]

+ > Application RSC permissions for chat scope are available in [public developer preview](../../resources/dev-preview/developer-preview-intro.md) only.

+* **Delegated context RSC permissions (delegated permission)**: This type of RSC permission allows an app to access data only on behalf of a signed-in user. No access is allowed in the absence of a signed-in user. Only authorized users can install an app in a specific scope. They can also grant any delegated RSC permissions that the app requests in that specific scope at app installation. For example, if regular members have the permission to install an app inside a team, then they can also grant delegated RSC permission to the app in that specific team.

+### RSC-based data access APIs

+Microsoft Graph SDK, Microsoft Bot Framework SDK, and Microsoft TeamsJS client library support fine-grained data access through RSC. The supported modes and resource types vary across the API surfaces.

+| RSC mode or type | Supported SDKs | App manifest version | Resource types | RSC-related controls for the entire tenant | Who can consent to RSC permissions? |

+|||||||

+|Application| ΓÇó Microsoft Graph <br> ΓÇó Microsoft Bot Framework | >=v1.6 | Teams, chats, and meetings | ΓÇó Microsoft Graph-based controls for chats and meetings <br> ΓÇó Azure Active Directory (Azure AD) portal-based controls for Teams |ΓÇó Team: A team owner <br> ΓÇó Chat: A chat member <br> ΓÇó Meeting: A meeting organizer or presenter |

+| Delegated | Microsoft Teams Client | >=v1.12 | Teams, chats, meetings, and users | Always on | Any user authorized to install an app in the specific scope. |

+## Supported RSC permissions

+The following list provides all the RSC permissions categorized based on resource type and access mode:

+* [RSC permissions for a team](#rsc-permissions-for-a-team): Includes the channels within a team.

+* [RSC permissions for a chat or meeting](#rsc-permissions-for-a-chat-or-meeting): Includes the meetings associated with the chats.

+* [RSC permissions for user access](#rsc-permissions-for-user-access): Includes permission for users to access different resources.

+> The features associated with some permissions listed here might not be generally available (GA).

+### RSC permissions for a team

+The following table provides RSC application permissions for a team:

+| Permission name | Action |

+| -- | -- |

+|`Channel.Create.Group`|Create channels in the team. |

+|`Channel.Delete.Group`|Delete this team's channels. |

+|`ChannelMeeting.ReadBasic.Group`|Read the basic properties of the channel meetings in this team.|

+|`ChannelMeetingParticipant.Read.Group`|Read the participant information including name, role, ID, join and left time of channel meetings associated with this team.|

+|`ChannelMeetingRecording.Read.Group`|Read the recordings of all channel meetings associated with this team.|

+|`ChannelMeetingTranscript.Read.Group`|Read the transcripts of all channel meetings associated with this team.|

+|`ChannelMeetingNotification.Send.Group`|Send notifications in all the channel meetings associated with this team.|

+|`ChannelMessage.Read.Group`|Read this team's channel messages. |

+|`ChannelMessage.Send.Group`|Send messages to this team's channels.|

+|`ChannelSettings.Read.Group`| Read the names, descriptions, and settings of this team's channelsΓÇï.|

+|`ChannelSettings.ReadWrite.Group`|Update the names, descriptions, and settings of this team's channels.ΓÇï|

+|`Member.Read.Group`|Read this group's members.|

+|`Owner.Read.Group`|Read this group's owners.|

+|`TeamsActivity.Send.Group`|Send activity feed notifications to users in this team. |

+|`TeamsAppInstallation.Read.Group`|Read the apps that are installed in this team.|

+|`TeamMember.Read.Group`|Read this team's members. |

+|`TeamSettings.Read.Group` | Read this team's settings.|

+|`TeamSettings.ReadWrite.Group`|Read and write this team's settings.|

+|`TeamsTab.Create.Group`|Create tabs in this team. |

+|`TeamsTab.Delete.Group`|Delete this team's tabs. |

+|`TeamsTab.Read.Group`|Read this team's tabs.|

+|`TeamsTab.ReadWrite.Group`|Manage this team's tabs. |

+The following table provides RSC delegated permissions for a team:

+| Permission name | Action |

+| -- | -- |

+|`ChannelMeetingActiveSpeaker.Read.Group`|Reading the participants who are currently sending audio into the channel meetings associated with this team.|

+|`ChannelMeetingAudioVideo.Stream.Group`|Stream audio-video content of channel meetings associated with this team.|

+`ChannelMeetingIncomingAudio.Detect.Group`|Detect incoming audio in channel meetings associated with this team.|

+|`ChannelMeetingStage.Write.Group`|Show content on the meeting stage of channel meetings associated with this team.|

+|`InAppPurchase.Allow.Group`|Show and complete in-app purchases for users in this team.|

+|`LiveShareSession.ReadWrite.Group`| Create and synchronize Live Share sessions for meetings associated with this team. |

+|`MeetingParticipantReaction.Read.Group`| Read reactions of participants in channel meetings associated with this team.|

+For more information, see [team resource-specific consent permissions](/graph/permissions-reference#team-resource-specific-consent-permissions).

+### RSC permissions for a chat or meeting

+If a chat has a meeting or a call associated with it, then the relevant RSC permissions apply to those resources as well.

+The following table provides RSC application permissions for a chat or meeting:

+| Permission name | Action |

+| -- | -- |

+| `Calls.AccessMedia.Chat` | Access media streams in calls associated with this chat or meeting. |

+| `Calls.JoinGroupCalls.Chat` | Join calls associated with this chat or meeting. |

+| `ChatSettings.Read.Chat`| Read this chat's settings.|

+| `ChatSettings.ReadWrite.Chat`| Read and write this chat's settings. |

+| `ChatMessage.Read.Chat` | Read this chat's messages.|

+| `ChatMessage.Send.Chat` | Send messages to this chat. |

+| `ChatMessageReadReceipt.Read.Chat` | Read the ID of the last seen message in this chat. |

+| `ChatMember.Read.Chat` | Read this chat's members. |

+| `Chat.Manage.Chat` | Manage this chat. |

+| `TeamsTab.Read.Chat`| Read this chat's tabs. |

+| `TeamsTab.Create.Chat` | Create tabs in this chat. |

+| `TeamsTab.Delete.Chat` | Delete this chat's tabs. |

+| `TeamsTab.ReadWrite.Chat` | Manage this chat's tabs. |

+| `TeamsAppInstallation.Read.Chat` | Read the apps that are installed in the chat. |

+| `TeamsActivity.Send.Chat` | Send activity feed notifications to users in this chat. |

+| `OnlineMeetingTranscript.Read.Chat` | Read the transcripts of the meeting associated with this chat. |

+| `OnlineMeetingParticipant.Read.Chat` | Read the participants of the meetings associated with this chat.|

+| `OnlineMeeting.ReadBasic.Chat` | Read basic properties of meetings associated with this chat, such as name, schedule, organizer, join link, and start or end notifications. |

+| `OnlineMeetingRecording.Read.Chat` | Read the recordings of the meetings associated with this chat. |

+| `OnlineMeetingNotification.Send.Chat` | Send notifications in the meetings associated with this chat. |

+The following table provides RSC delegated permissions for a chat or meeting:

+| Permission name | Action |

+| -- | -- |

+| `InAppPurchase.Allow.Chat` | Show and complete in-app purchases for users in this chat and any associated meetings. |

+| `LiveShareSession.ReadWrite.Chat` | Create and synchronize Live Share sessions for meetings associated with this chat. |

+| `MeetingStage.Write.Chat` | Show content on the meeting stage of meetings associated with this chat. |

+| `MeetingParticipantReaction.Read.Chat` | Read the reactions of participants in meetings associated with this chat. |

+| `OnlineMeetingIncomingAudio.Detect.Chat` | Detect incoming audio in meetings associated with this chat. |

+| `OnlineMeetingActiveSpeaker.Read.Chat` | Read the participants who are currently sending audio into the meetings associated with this chat. |

+| `OnlineMeetingAudioVideo.Stream.Chat` | Stream audio-video content of meetings associated with this chat. |

+| `OnlineMeetingParticipant.Read.Chat` | Read participant information, including name, role, ID, joined and left times, of meetings associated with this chat.|

+| `OnlineMeetingParticipant.ToggleIncomingAudio.Chat` | Toggle incoming audio for participants in meetings associated with this chat. |

+For more information, see [chat resource-specific consent permissions](/graph/permissions-reference#chat-resource-specific-consent-permissions).

+> [!TIP]

+> RSC permissions are available only to Teams apps installed on the Teams client and not part of the Azure AD portal. If you want to know the RSC permissions associated with an app, see app installation or app information dialog within Teams client.

+### RSC permissions for user access

+You can give the following delegated RSC permissions to your app, which allows users to access different resources:

+| Permission name | Action |

+| -- | -- |

+| `CameraStream.Read.User`| Read the user's camera stream. |

+| `InAppPurchase.Allow.User` | Show and complete in-app purchases. |

+| `MicrophoneStream.Read.User` | Read the user's microphone stream. |

+| `MeetingParticipantReaction.Read.User` | Read the user's reactions while participating in a meeting. |

+| `OutgoingVideoStream.Write.User` | Modify the user's outgoing video. |

+## Next step

+> [!div class="nextstepaction"]

+> [Grant RSC permissions to an app](grant-resource-specific-consent.md)

+* [App manifest schema for Teams](../../resources/schem)

+* [Permissions in Teams app](../App-permissions/Teams-app-permissions.md)

+Resource-specific consent (RSC) is an authorization framework built by Microsoft Teams and Microsoft identity that allows for granting scoped access to an application.

+Through RSC, an authorized user can give an application access to the data of a specific instance of a resource type instead of every instance in the entire tenant. For example, a person who owns both team A and team B can decide to give the data for the Contoso app to only team A and not team B. The same concept of scoped data access applies to chats and meetings. For more information, see [Resource-specific consent (RSC)](resource-specific-consent.md).

+|`id` |String |Your Azure AD app ID. For more information, see [register your app in the Azure AD portal](grant-resource-specific-consent.md#register-your-app-with-microsoft-identity-platform-using-the-azure-ad-portal).|

+|`id` |String |Your Azure AD app ID. For more information, see [register your app in the Azure AD portal](grant-resource-specific-consent.md#register-your-app-with-microsoft-identity-platform-using-the-azure-ad-portal).|

+|`applicationPermissions`|Array of strings|RSC permissions for your app. For more information, see [Supported RSC permissions](resource-specific-consent.md#supported-rsc-permissions).|

+* `teamGroupId`: You can get the team group ID from the Teams client as follows:

+* `chatId`: You can get the chat thread ID from the Teams *web* client as follows:

+ 3. Copy the web URL and save the chat thread ID from the string.

+- The current version the Visual Studio IDE with the **ASP.NET and web development** workload installed. If you don't already have Visual Studio, you can download and install the latest [Microsoft Visual Studio Community](https://visualstudio.microsoft.com/downloads) version for free.

+**Optional** ΓÇö object

+> [!NOTE]

+> `authorization` is only supported for manifest version 1.12 or later.

+|`permissions`|NA|NA|NA|List of permissions that the app needs to function.|

+|`resourceSpecific`| array of objects|16 items|NA|Permissions that guard data access on resource instance level.|

+|`type`|string|NA|✔️| The type of the resource-specific consent (RSC) permission. Options: `Application` and `Delegated`.|

+|`name`|string|128 characters|✔️|The name of the RSC permission. For more information, see [RSC application permissions](#rsc-application-permissions) and [RSC delegated permissions](#rsc-delegated-permissions)|

+#### RSC application permissions

+Application permissions allow the app to access data without a signed-in user. For information on application permissions, see [RSC permissions for Microsoft Graph and Microsoft BotSDK](../../graph-api/rsc/resource-specific-consent.md).

+#### RSC delegated permissions

+* **RSC delegated permissions for a team**

+ |`ChannelMeetingIncomingAudio.Detect.Group`| Allows the app to detect incoming audio in channel meetings associated with the team. |

+ | `ChannelMeetingActiveSpeaker.Read.Group`| Allows the app to read the participants who are currently sending audio into the channel meetings associated with the team.|

+ |`ChannelMeetingAudioVideo.Stream.Group`| Allows the app to stream audio-video content from channel meetings associated with the team. |

+ |`InAppPurchase.Allow.Group`| Allows the app to show marketplace offers to users in the team and complete their purchases within the app, on behalf of the signed-in user.|

+ |`ChannelMeetingStage.Write.Group`| Allows the app to show content on the meeting stage in channel meetings associated with the team, on behalf of the signed-in user.|

+ |`LiveShareSession.ReadWrite.Group`|Allows the app to create and synchronize Live Share sessions for meetings associated with the team, and access related information about the meeting's roster, such as member's meeting role, on behalf of the signed-in user.|

+ |`MeetingParticipantReaction.Read.Group`| Allows the app to read reactions of participants in channel meetings associated with the team.|

+* **RSC delegated permissions for chats or meetings**

+ |`InAppPurchase.Allow.Chat`|Allows the app to show marketplace offers to the users in the chat, and any associated meeting, and complete their purchases within the app, on behalf of the signed-in user.|

+ |`MeetingStage.Write.Chat`|Allows the app to show content on the meeting stage in meetings associated with the chat, on behalf of the signed-in user.|

+ |`OnlineMeetingParticipant.Read.Chat`|Allows the app to read participant information, including name, role, id, joined, and left times, of meeting associated with the chat, on behalf of the signed-in user.|

+ |`OnlineMeetingParticipant.ToggleIncomingAudio.Chat`|Allows the app to toggle incoming audio for participants in meetings associated with the chat, on behalf of the signed-in user.|

+ |`LiveShareSession.ReadWrite.Chat`|Allows the app to create and synchronize Live Share sessions for meetings associated with the chat, and access related information about the meeting's roster, such as member's meeting role, on behalf of the signed-in user.|

+ |`MeetingParticipantReaction.Read.Chat`| Allows the app to read reactions of participants in meetings associated with the chat.|

+ |`OnlineMeetingIncomingAudio.Detect.Chat`|Allows the app to detect changes in the status of incoming audio in meetings associated with the chat, on behalf of the signed-in user.|

+ |`OnlineMeetingActiveSpeaker.Read.Chat`| Allows the app to read participants who are currently sending audio into the meetings associated with the chat.|

+ |`OnlineMeetingAudioVideo.Stream.Chat`| Allows the app to stream audio-video content of meetings associated with the chat.|

+* **RSC delegated permissions for users**

+ |`CameraStream.Read.User`|Allows the app to read user's camera stream.|

+ |`OutgoingVideoStream.Write.User`| Allows the app to modify the user's outgoing video.|

+ |`MicrophoneStream.Read.User`| Allows the app to read user's microphone stream.|

+ |`MeetingParticipantReaction.Read.User`| Allows the app to read user's reactions while participating in a meeting.|

+> `authorization` is only supported for manifest version 1.12 or later.

+|`permissions`|NA|NA|NA|List of permissions that the app needs to function.|

+|`resourceSpecific`| array of objects|16 items|NA|Permissions that guard data access on resource instance level.|

+|`type`|string|NA|✔️| The type of the resource-specific consent (RSC) permission. Options: `Application` and `Delegated`.|

+|`name`|string|128 characters|✔️|The name of the RSC permission. For more information, see [RSC application permissions](#rsc-application-permissions) and [RSC delegated permissions](#rsc-delegated-permissions)|

+#### RSC application permissions

+Application permissions allow the app to access data without a signed-in user. For information on application permissions, see [RSC permissions for Microsoft Graph and Microsoft BotSDK](../../graph-api/rsc/resource-specific-consent.md).

+#### RSC delegated permissions

+* **RSC delegated permissions for a team**

+ |`ChannelMeetingIncomingAudio.Detect.Group`| Allows the app to detect incoming audio in channel meetings associated with the team. |

+ | `ChannelMeetingActiveSpeaker.Read.Group`| Allows the app to read the participants who are currently sending audio into the channel meetings associated with the team.|

+ |`ChannelMeetingAudioVideo.Stream.Group`| Allows the app to stream audio-video content from channel meetings associated with the team. |

+ |`InAppPurchase.Allow.Group`| Allows the app to show marketplace offers to users in the team and complete their purchases within the app, on behalf of the signed-in user.|

+ |`ChannelMeetingStage.Write.Group`| Allows the app to show content on the meeting stage in channel meetings associated with the team, on behalf of the signed-in user.|

+ |`LiveShareSession.ReadWrite.Group`|Allows the app to create and synchronize Live Share sessions for meetings associated with the team, and access related information about the meeting's roster, such as member's meeting role, on behalf of the signed-in user.|

+ |`MeetingParticipantReaction.Read.Group`| Allows the app to read reactions of participants in channel meetings associated with the team.|

+* **RSC delegated permissions for chats or meetings**

+ |`InAppPurchase.Allow.Chat`|Allows the app to show marketplace offers to the users in the chat, and any associated meeting, and complete their purchases within the app, on behalf of the signed-in user.|

+ |`MeetingStage.Write.Chat`|Allows the app to show content on the meeting stage in meetings associated with the chat, on behalf of the signed-in user.|

+ |`OnlineMeetingParticipant.Read.Chat`|Allows the app to read participant information, including name, role, id, joined, and left times, of meeting associated with the chat, on behalf of the signed-in user.|

+ |`OnlineMeetingParticipant.ToggleIncomingAudio.Chat`|Allows the app to toggle incoming audio for participants in meetings associated with the chat, on behalf of the signed-in user.|

+ |`LiveShareSession.ReadWrite.Chat`|Allows the app to create and synchronize Live Share sessions for meetings associated with the chat, and access related information about the meeting's roster, such as member's meeting role, on behalf of the signed-in user.|

+ |`MeetingParticipantReaction.Read.Chat`| Allows the app to read reactions of participants in meetings associated with the chat.|

+ |`OnlineMeetingIncomingAudio.Detect.Chat`|Allows the app to detect changes in the status of incoming audio in meetings associated with the chat, on behalf of the signed-in user.|

+ |`OnlineMeetingActiveSpeaker.Read.Chat`| Allows the app to read participants who are currently sending audio into the meetings associated with the chat.|

+ |`OnlineMeetingAudioVideo.Stream.Chat`| Allows the app to stream audio-video content of meetings associated with the chat.|

+* **RSC delegated permissions for users**

+ |`CameraStream.Read.User`|Allows the app to read user's camera stream.|

+ |`OutgoingVideoStream.Write.User`| Allows the app to modify the user's outgoing video.|

+ |`MicrophoneStream.Read.User`| Allows the app to read user's microphone stream.|

+ |`MeetingParticipantReaction.Read.User`| Allows the app to read user's reactions while participating in a meeting.|

+| &nbsp; | [Visual Studio 2022](https://visualstudio.microsoft.com), **ASP.NET and web development** workload| .NET. You can install the free community edition of Visual Studio 2022. |