# Permissions Required
When you run the [permissions script](/v1/installation/installation-instructions.md#step-2-start-the-permissions-script)[ ](https://docs.bsure.no/install/installation-instructions#step-2-give-permissions)during the installation process, you give the Microsoft Graph permissions below to a Managed Identity used by the Azure Functions in the Managed Resource Group.
* Directory.Read.All, used to read user and license information​
* AuditLog.Read.All, used to get user last signin information​
* Domain.Read.All, used to get friendly names for tenantid​
* Reports.Read.All, used to read user MFA registration information
* Policy.Read.All, used to read signin logs and conditional access policies
* MailboxSettings.Read, used to read user purpose of the user's mailbox
#### The Managed Identity holds these permissions:
### Permissions Bsure have in your environment:
To monitor jobs and provide updates and new features the solution provider Bsure will be given contributor access during setup to the Managed Resource Group inside the managed application.
Bsure can't consume customer data, ref
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.bsure.io/v1/technical-description/permissions-required.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.