# Requirements: SharePoint Toolbox v2.3

**Defined:** 2026-04-09
**Core Value:** Administrators can audit and manage SharePoint/Teams permissions and storage across multiple client tenants from a single, reliable desktop application.

## v2.3 Requirements

Requirements for v2.3 Tenant Management & Report Enhancements. Each maps to roadmap phases.

### App Registration

- [ ] **APPREG-01**: User can register the app on a target tenant from the profile create/edit dialog
- [x] **APPREG-02**: App auto-detects if user has Global Admin permissions before attempting registration
- [x] **APPREG-03**: App creates Azure AD application + service principal + grants required permissions atomically (with rollback on failure)
- [ ] **APPREG-04**: User sees guided fallback instructions when auto-registration is not possible (insufficient permissions)
- [ ] **APPREG-05**: User can remove the app registration from a target tenant
- [x] **APPREG-06**: App clears cached tokens and sessions when app registration is removed

### Site Ownership

- [x] **OWN-01**: User can enable/disable auto-take-ownership in application settings (global toggle, OFF by default)
- [x] **OWN-02**: App automatically takes site collection admin ownership when encountering access denied during scans (when toggle is ON)

### Report Enhancements

- [x] **RPT-01**: User can expand SharePoint groups in HTML reports to see group members
- [x] **RPT-02**: Group member resolution uses transitive membership to include nested group members
- [x] **RPT-03**: User can enable/disable entry consolidation per export (toggle in export settings)
- [x] **RPT-04**: Consolidated reports merge rows for the same user with identical access levels across multiple locations into a single row

## Future Requirements

### Site Ownership (deferred)

- **OWN-03**: Persistent cleanup-pending list tracking sites where ownership was elevated
- **OWN-04**: Startup warning when stale ownership entries exist from previous sessions

## Out of Scope

| Feature | Reason |
|---------|--------|
| Auto-revoke permissions | Liability risk — read-only auditing tool, not remediation |
| Real-time ownership monitoring | Requires background service, beyond scope of desktop tool |
| Group expansion in CSV reports | CSV format doesn't support expandable sections; consolidation covers the dedup need |
| Custom permission scope selection for app registration | Fixed scope set covers all Toolbox features; custom scopes add complexity without value |

## Traceability

| Requirement | Phase | Status |
|-------------|-------|--------|
| APPREG-01 | Phase 19 | Pending |
| APPREG-02 | Phase 19 | Complete |
| APPREG-03 | Phase 19 | Complete |
| APPREG-04 | Phase 19 | Pending |
| APPREG-05 | Phase 19 | Pending |
| APPREG-06 | Phase 19 | Complete |
| OWN-01 | Phase 18 | Complete |
| OWN-02 | Phase 18 | Complete |
| RPT-01 | Phase 17 | Complete |
| RPT-02 | Phase 17 | Complete |
| RPT-03 | Phase 16 | Complete |
| RPT-04 | Phase 15 | Complete |

**Coverage:**

- v2.3 requirements: 12 total
- Mapped to phases: 12
- Unmapped: 0

---

*Requirements defined: 2026-04-09*
*Last updated: 2026-04-09 after roadmap created*