Topic
Additional Information
The Global Administrator credentials are used to validate that the individual adding the data connection in a Nintex Analytics workspace is authorized to access the data within SharePoint Online.
In validating the credentials, Microsoft defines two techniques: Delegated and Application permission.
Going down the route of least privileges, Nintex Analytics leverages "Application Permission" with "Sites.Read.All" to validate that the account is a Global Administrator. Although the permission does say that Nintex Analytics can read items, we do not read any items from your SharePoint Online tenant and use it only for authentication purposes.
As part of this, an app called 'Nintex Analytics O365 Tenant Connector' is installed automatically onto Azure Active Directory (AAD) in the tenant. Nintex Analytics doesn't need or use this app to read any data; the Nintex Workflow for Office 365 app is used for reporting on Nintex Workflows. The 'Nintex Analytics O365 Tenant Connector' app can be removed from AAD after the data connection has successfully been added to Nintex Analytics.
Related Links
Add data connections
https://help.nintex.com/en-US/analytics/QuickStart/3-DataConnections.htm
Microsoft Graph permissions reference
https://docs.microsoft.com/en-us/graph/permissions-reference#sites-permissions