-description: In this article, learn how to grant resource-specific consent (RSC) permissions, which allows team and chat owners and meeting organizers to grant consent for an app.

-Resource-specific consent (RSC) is a Microsoft Teams and Microsoft Graph API integration that enables your app to use API endpoints to manage specific resources, either teams or chats, within an organization.

-1. [Install your app in a team or chat](#install-your-app-in-a-team-or-chat)

-> You mustn't share your Azure AD app ID across multiple Teams apps. There must be a 1:1 mapping between a Teams app and an Azure AD app. Attempts to install multiple Teams apps which are associated with the same Azure AD app ID will cause installation or runtime failures.

-## Install your app in a team or chat

-To install your app on which you've enabled RSC permission in a team or chat, follow these steps:

-1. Ensure that you've configured [consent settings](#configure-consent-settings) for team or chat.

-> Admin control is added to allow or block RSC consent settings based on the sensitivity of the data accessed. It isn't based on the single master switch that enables or disables consent settings for app RSC permissions for all apps in the tenant.

-If your Teams admin allows custom app uploads, you can [sideload your app](~/concepts/deploy-and-publish/apps-upload.md) directly to a specific team or chat.

-* For application RSC permissions, call the following APIs to retrieve the list of apps installed in a team or chat:

-RSC permissions are categorized based on:

- * Delegated: The app accesses data in the context of a signed-in users session only. No access is allowed in the absence of a signed-in user.

-| User | NA | ✔️ |

-* **Application context RSC permissions (application permission)**: This type of RSC permission allows an app to access data without the user being signed in. Only resource owners can grant application RSC permissions.

-* **Delegated context RSC permissions (delegated permission)**: This type of RSC permission allows an app to access data only on behalf of a signed-in user. No access is allowed in the absence of a signed-in user. Only authorized users can install an app in a specific scope. They can also grant any delegated RSC permissions that the app requests in that specific scope at app installation. For example, if regular members have the permission to install an app inside a team, then they can also grant delegated RSC permission to the app in that specific team.

-The version of the specific app. If you update something in your manifest, the version must be incremented as well. This way, when the new manifest is installed, it overwrites the existing one and the user will get the new functionality. If this app was submitted to the store, the new manifest has to be resubmitted and revalidated. Then, users of this app will get the new updated manifest automatically in a few hours, after it's approved.

-|`name`|String|128 characters|✔️|The display name of the tab in the channel interface.|

-|`scopes`|Array of enum|1|✔️|Static tabs support the `personal`, `team` and `groupChat` scopes, which means it can be provisioned as part of the personal, group chat, and channel meetings experience.|

-|`type`|string|32 characters|✔️|The notification type. *See below*.|

-|`description`|string|128 characters|✔️|A brief description of the notification. *See below*.|

-**Required**ΓÇöstring

-**Required**ΓÇöstring

-**Required**ΓÇöobject

-**Required**ΓÇöobject

-**Required**ΓÇöobject

-**Optional**ΓÇöobject

-**Required**ΓÇöobject

-**Optional**ΓÇöarray

-|`configurationUrl`|string|2048 characters|✔️|The https:// URL to use when configuring the tab.|

-|`scopes`|array of enums|2|✔️|Currently, configurable tabs support only the `team` and `groupChat` scopes. |

-|`meetingSurfaces`|array of enums|2||The set of `meetingSurfaceItem` scopes where a [tab is supported](../../tabs/how-to/access-teams-context.md). Default: **[sidepanel, stage]**. |

-|`context` |array of enums|8||The set of `contextItem` scopes where a [tab is supported](../../tabs/how-to/access-teams-context.md). Accepted value: **[personalTab, channelTab, privateChatTab, meetingChatTab, meetingDetailsTab, meetingSidePanel, meetingStage, callingSidepanel]**.|

-|`sharePointPreviewImage`|string|2048||A relative file path to a tab preview image for use in SharePoint. Size 1024x768. |

-|`supportedSharePointHosts`|array of enums|2||Defines how your tab is made available in SharePoint. Options are `sharePointFullPage` and `sharePointWebPart`. |

-**Optional**ΓÇöarray

-|`entityId`|string|64 characters|✔️|A unique identifier for the entity that the tab displays.|

-|`name`|string|128 characters||The display name of the tab in the channel interface.|

-|`contentUrl`|string|2048 characters||The https:// URL that points to the entity UI to be displayed in the Teams canvas.|

-|`contentBotId`|string|128 characters||The Microsoft app ID specified for the bot in the [Bot Framework portal](https://dev.botframework.com/bots).|

-|`websiteUrl`|string|2048 characters||The https:// URL to point to if a user opts to view in a browser.|

-|`searchUrl`|string|2048 characters||The https:// URL to point to for a user's search queries.|

-|`scopes`|array of enums|3|✔️| Currently, static tabs support only the `personal` scope, which means it can be provisioned only as part of the personal experience.|

-|`context` | array of enums| 8|| The set of `contextItem` scopes where a [tab is supported](../../tabs/how-to/access-teams-context.md). Default: **[personalTab, channelTab, privateChatTab, meetingChatTab, meetingDetailsTab, meetingStage, meetingSidepanel, teamLevelApp]**.|

-> The searchUrl feature is not available for the third-party developers.

-> If your tabs require context-dependent information to display relevant content or for initiating an authentication flow, For more information, see [Get context for your Microsoft Teams tab](../../tabs/how-to/access-teams-context.md).

-**Optional**ΓÇöarray

-|`botId`|string|128 characters|✔️|The unique Microsoft app ID for the bot as registered with the Bot Framework. The ID can be the same as the overall [app ID](#id).|

-|`scopes`|array of enums|3|✔️|Specifies whether the bot offers an experience in the context of a channel in a `team`, in a group chat (`groupChat`), or an experience scoped to an individual user alone (`personal`). These options are non-exclusive.|

-|`items.scopes`|array of enums|3|✔️|Specifies the scope for which the command list is valid. Options are `team`, `personal`, and `groupChat`.|

-|`items.commands`|array of objects|10|✔️|An array of commands the bot supports:<br>`title`: the bot command name (string, 32)<br>`description`: a simple description or example of the command syntax and its argument (string, 128).|

-|title|string|32|✔️|The bot command name.|

-|description|string|128 characters|✔️|A simple text description or an example of the command syntax and its arguments.|

-**Optional**ΓÇöarray

-|`configurationUrl`|string|2048 characters| |The https:// URL to use when configuring the connector.|

-|`scopes`|array of enums|1|✔️|Specifies whether the Connector offers an experience in the context of a channel in a `team`, or an experience scoped to an individual user alone (`personal`). Currently, only the `team` scope is supported.|

-|`connectorId`|string|64 characters|✔️|A unique identifier for the Connector that matches its ID in the [Connectors Developer Dashboard](https://aka.ms/connectorsdashboard).|

-**Optional**ΓÇöarray

-|`botId`|string|128 characters|✔️|The unique Microsoft app ID for the bot that backs the message extension, as registered with the Bot Framework. The ID can be the same as the overall App ID.|

-|`commands`|array of objects|10|✔️|Array of commands the message extension supports.|

-|`messageHandlers`|array of Objects|5||A list of handlers that allow apps to be invoked when certain conditions are met.|

-|`messageHandlers.type`|string|||The type of message handler. Must be `"link"`.|

-|`messageHandlers.value.domains`|array of Strings|2048 characters||Array of domains that the link message handler can register for.|

-|`id`|string|64 characters|✔️|The ID for the command.|

-|`title`|string|32 characters|✔️|The user-friendly command name.|

-|`type`|string|||Type of the command. One of `query` or `action`. Default: **query**.|

-|`description`|string|128 characters||The description that appears to users to indicate the purpose of this command.|

-|`context`|array of Strings|3||Defines where the message extension can be invoked from. Any combination of`compose`,`commandBox`,`message`. Default is `["compose","commandBox"]`.|

-|`taskInfo`|object|||Specify the task module to pre-load when using a message extension command.|

-|`taskInfo.title`|string|64 characters||Initial dialog title.|

-|`taskInfo.width`|string|||Dialog width - either a number in pixels or default layout such as 'large', 'medium', or 'small'.|

-|`taskInfo.height`|string|||Dialog height - either a number in pixels or default layout such as 'large', 'medium', or 'small'.|

-|`taskInfo.url`|string|||Initial webview URL.|

-|`parameters`|array of object|5 items|✔️|The list of parameters the command takes. Minimum: 1; maximum: 5.|

-|`parameters.name`|string|64 characters|✔️|The name of the parameter as it appears in the client. The parameter name is included in the user request.|

-|`parameters.title`|string|32 characters|✔️|User-friendly title for the parameter.|

-|`parameters.description`|string|128 characters||User-friendly string that describes this parameterΓÇÖs purpose.|

-|`parameters.value`|string|512 characters||Initial value for the parameter. Currently the value isn't supported|

-|`parameters.inputType`|string|||Defines the type of control displayed on a task module for`fetchTask: false` . Input value can only be one of `text, textarea, number, date, time, toggle, choiceset` .|

-|`parameters.choices`|array of objects|10 items||The choice options for the`choiceset`. Use only when`parameter.inputType` is `choiceset`.|

-|`parameters.choices.title`|string|128 characters|✔️|Title of the choice.|

-|`parameters.choices.value`|string|512 characters|✔️|Value of the choice.|

-**Optional**ΓÇöarray of strings

-**Optional**ΓÇöarray of strings

-**Optional**ΓÇöobject

-|`id`|string|128 characters|✔️|Azure AD application ID of the app. This ID must be a GUID.|

-|`resource`|string|2048 characters||Resource URL of app for acquiring auth token for SSO. </br> **NOTE:** If you aren't using SSO, ensure that you enter a dummy string value in this field to your app manifest, for example, `https://example` to avoid an error response. |

-**Optional**ΓÇöobject

-|`notificationUrl`|string|2048 characters|✔️|The url where Graph-connector notifications for the application should be sent.|

-**Optional**ΓÇöobject

-|`activityTypes`|array of Objects|128 items| | Provide the types of activities that your app can post to a users activity feed.|

-|`type`|string|32 characters|✔️|The notification type. *See below*.|

-|`description`|string|128 characters|✔️|A brief description of the notification. *See below*.|

-|`templateText`|string|128 characters|✔️|Ex: "{actor} created task {taskId} for you"|

-**Optional**ΓÇöstring

-**Optional**ΓÇöobject

-|`team`|string|||When the install scope selected is `team`, this field specifies the default capability available. Options: `tab`, `bot`, or `connector`.|

-|`groupChat`|string|||When the install scope selected is `groupChat`, this field specifies the default capability available. Options: `tab`, `bot`, or `connector`.|

-|`meetings`|string|||When the install scope selected is `meetings`, this field specifies the default capability available. Options: `tab`, `bot`, or `connector`.|

-**Optional**ΓÇöarray

-**Optional**ΓÇöarray

-**Optional**ΓÇöstring

-**Optional**ΓÇöobject

-**Optional**ΓÇöobject

-|`id`|string | 128 characters|✔️| The unique identifier for the scene. This id must be a GUID. |

-|`name`| string | 128 characters |✔️| The name of the scene. |

-|`file`|string|2048 characters|✔️| The relative file path to the scenes' metadata json file. |

-|`preview`|string|2048 characters|✔️| The relative file path to the scenes' PNG preview icon. |

-|`maxAudience`| integer | 50 |✔️| The maximum number of audiences supported in the scene. |

-|`seatsReservedForOrganizersOrPresenters`| integer | 50 |✔️| The number of seats reserved for organizers or presenters.|

-**Optional**ΓÇöobject

-|`permissions`|NA|NA|NA|List of permissions that the app needs to function.|

-|`resourceSpecific`| array of objects|16 items|NA|Permissions that guard data access on resource instance level.|

-|`type`|string|NA|✔️| The type of the resource-specific consent (RSC) permission. Options: `Application` and `Delegated`.|

-|`name`|string|128 characters|✔️|The name of the RSC permission. For more information, see [RSC application permissions](#rsc-application-permissions) and [RSC delegated permissions](#rsc-delegated-permissions)|

-> * Adaptive Card tabs aren't supported in the new Teams client. If your app is using Adaptive Card tabs, we recommend you rebuild the tab as a web-based tab. For more information, see [build tabs for Teams](../tabs/what-are-tabs.md).

-* ***August 10, 2023***: [Send a proactive message using AAD ID](bots/how-to/conversations/send-proactive-messages.md)

-***August 21, 2023***: [Introduced the new Microsoft Teams client to provide better experience for your apps and users](resources/teams-updates.md).

-***August 21, 2023***: [Use Adaptive Card-based Loop components to build collaborative experiences within Teams message extensions that work across Microsoft 365.](m365-apps/design-loop-components.md)

-***August 08, 2023***: [Use callRecording API to fetch meeting recording from all meetings.](graph-api/meeting-transcripts/overview-transcripts.md)