Privacy Policy: Qorus Microsoft Access Projects
Updated: 2023-09-18
Accessing user data
These projects allow access to Microsoft resources from a Qorus Integration Engine(R) application instance. The Qorus application instance communicates directly with the Microsoft APIs.
The Qorus Microsoft Access projects never receive your data or the permission to access your data.
When the cloud API is used for the authorization code flow, only anonymous information about the OAuth2 server used is stored; no customer-identifiable information is logged or stored on Qore Technologies' systems.
When the local server is used for the authorization flow, all data related to access to Microsoft resources is stored on the local Qorus application instance.
Qorus Integration Engine(R) includes functionality (APIs and no-code integration objects) that you can execute in order to read or modify your own data. This can only happen after you provide a token, which requires that you authenticate yourself as a specific Microsoft user and authorize these actions.
Qorus Integration Engine(R) can help you get a token by guiding you through the OAuth flow in the browser. There you must consent to allow the Qorus Microsoft Access project to access data on your behalf. The OAuth consent screen will describe the scope of what is being authorized, e.g., it will name the target API(s) and whether you are authorizing “read only” or “read and write” access.
There are two ways to use these packages without authorizing a Qorus Microsoft Access project: bring your own service account token or configure the package to use an OAuth client of your choice.
Scopes
Overview of the scope requested by various Qorus Microsoft Access projects and their rationale:
- Dynamics Access (full: create, read, update, delete): This scope provides full access to all data associated with the user and the tenant. This will allow Qorus Integration Engine(R) to create, read, update, and delete any and all information related to Microsoft Dymamics data.
Sharing user data
No user data is shared with Qore Technologies or any other servers.
Storing user data
These packages store credentials on the Qorus Integration Engine(R) application instance to enable access to Microsoft APIs on your behalf. Be aware that authorizing a Qorus Integration Engine(R) instance to access Microsoft data enables access to that data by any user that can access the Qorus Integration Engine(R) instance with appropriate permissions to access the Microsoft REST connection created. Use caution when granting access to sensitive information on an application instance shared with other users.
By default, OAuth tokens are stored against a Qorus connection.
Policies for authors of packages or other applications
Do not use client IDs or client secrets from Qorus Microsoft Access projects in any external package or tool.
Qorus Microsoft Access projects are designed to work only with Qorus Integration Engine(R) and should never be used for any other purpose or in any other context.
See also
- Acceptable Use Policy (the "AUP"), which outlines prohibited uses of our Services
- Terms of Service (the "ToS"), which describes the terms under which our Services can be used
Comments are closed.