Box is introducing enhanced security measures governing how co-admin users access content through third-party applications. With this update, when a Box co-admin accesses Box via APIs or third-party applications, the permissions assigned directly to the co-admin will take precedence over those assigned to the application itself.
For example: If an application has permission to read other users' content, but the co-admin using it does not have that permission, then the application will not be able to read other users' content when used by that specific co-admin.
This improvement will provide organizations with greater control and precision in managing sensitive content accessed through external applications.
To learn more about roles and access permissions please visit here.