What Permissions Does CloudFuze Require for Box and SharePoint Migration?
CloudFuze needs third-party access to both Box and SharePoint Online (Office 365) accounts in order to initiate migration and transfer files. The following are the Box and Office 365 access permissions CloudFuze requires.
Note:
- The access permissions are granted via the OAuth protocol. CloudFuze cannot access your data as a human does.
- For SharePoint Online, access to an Office 365 account is required.
- To initiate migration, Box admin (not co-admin) and Office 365 global admin details are required.
Box Permissions
Permissions | Display String | Description |
---|---|---|
root_readwrite | Read and write all files and folders stored in Box | Gives an application write access for the authenticated user. This allows the application to upload files, new versions of files, create new folders, create, edit, and delete collaborations, create comments, tasks, collection, and more. |
manage_app_users | Manage users | Gives application permission to manage standard App users. App users are different from regular (managed) users and cannot log in to the Box web app. Instead, they are virtual users that can be used by an application to separate data in a server-side authenticated application. |
manage_app_users | Manage app users | Gives application permission to manage standard App users. App users are different from regular (managed) users and cannot log in to the Box web app. Instead, they are virtual users that can be used by an application to separate data in a server-side authenticated application. |
manage_group | Manage groups | Gives application permission to manage an enterprise’s groups. It allows the app to create, update, and delete groups, as well as add and remove users to groups. |
manage_enterprise_properties | Manage enterprise properties | Gives application permission to view the enterprise event stream, as well as view and edit the enterprise’s attributes and reports. It also allows the application to edit and delete device pinners. |
manage_data_retention | Manage retention policies | Gives application permission to view and create retention policies with Box Governance. This requires the enterprise to have purchased Box Governance. |
manage_webhook | Manage webhooks v2 | Gives application permission to create webhooks for a user. Some limitations exist for webhooks, most notably there is a limit of 1000 webhooks per application, per user. |
Magazzini Alimentari Riuniti | Admin can make calls on behalf of Users | Gives an application added Admin permissions to make changes to users. |
Magazzini Alimentari Riuniti | Delete a specific file or folder stored in Box | Gives an application permission to delete a file or folder in Box. |
SharePoint Online Permissions
Permissions | Display String | Description | Why does CloudFuze need this? |
---|---|---|---|
Directory.Read.All | Read directory data | Allows the app to read data in your organization’s directory, such as users, groups, and apps. Note: Users may consent to applications that require this permission if the application is registered in their own organization’s tenant. | To display the target SharePoint site and directory to migrate. |
Directory.ReadWrite.All | Read and write directory data | Allows the app to read and write data in your organization’s directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords. | To migrate the data to the selected sites, subsite and directory |
People.Read.All | Read all users’ relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user or other users in the signed-in user’s organization. The list can include local contacts, contacts from social networking or your organization’s directory, and people from recent communications (such as email and Skype). It also allows the app to search the entire directory of the signed-in user’s organization. | To select the user from the list to migrate or add as a collaborator. |
User.Read | Sign-in and read user profile | Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. | Fetch user details for mapping from source to destination. |
Domain.ReadWrite.All | Read and write domains | Allows the app to read and write domains without a signed-in user. | To support multiple user domains to map and migrate. |
RoleManagement.ReadWrite.Directory | Read and write directory RBAC settings | Allows the app to read and manage the role-based access control (RBAC) settings for your company’s directory, on behalf of the signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles, and memberships. | To add the appropriate collaborators matching the source. |
Sites.FullControl.All | Have full control of all site collections | Allows the app to have full control of SharePoint sites in all site collections on behalf of the signed-in user. | |
User.ReadWrite.All | Read and write all users’ full profiles | Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. It also allows the app to create and delete users as well as reset user passwords on behalf of the signed-in user. | |
Directory.AccessAsUser.All | Access directory as the signed-in user | It allows the app to have the same access to information in the directory as the signed-in user. | |
Files.ReadWrite.All | Have full access to all files user can access | Allows the app to read, create, update, and delete all files the signed-in user can access. | |
Files.ReadWrite.Selected | Read and write files that the user selects | Limited support in Microsoft Graph; see Remarks. (Preview) Allows the app to read and write files that the user selects. The app has access for several hours after the user selects a file. | |
Sites.ReadWrite.All | Edit and delete items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. | |
Group.ReadWrite.All | Read and write all groups | Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Also allows the app to read and write calendar, conversations, files, and other group content for all groups the signed-in user can access. Additionally allows group owners to manage their groups and allows group members to update group content. | |
People.Read | Read users’ relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user. The list can include local contacts, contacts from social networking or your organization’s directory, and people from recent communications (such as email and Skype). | |
User.Export.All | User.Export.All | Allows the app to export an organizational user’s data, when performed by a Company Administrator. | |
User.Read.All | Read all users’ full profiles | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. | |
Files.ReadWrite.All | Read and write files in all site collections | Allows the app to read, create, update, and delete all files in all site collections without a signed-in user. | |
Sites.ReadWrite.All | Read and write items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. | |
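
An administrator reviewing the consent can compare what the tenant actually granted with the SharePoint Online table above. The following is an added example, not CloudFuze or Microsoft code: it assumes the delegated grants have been exported as Microsoft Graph `oauth2PermissionGrant` objects (fields `consentType` and space-separated `scope`), the sample records are constructed, and the `HIGH_IMPACT` selection is the reviewer's own choice rather than a vendor classification.

```python
import json

# Scope names copied from the SharePoint Online table on this page.
DOCUMENTED = {
    "Directory.Read.All", "Directory.ReadWrite.All", "People.Read.All",
    "User.Read", "Domain.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "Sites.FullControl.All", "User.ReadWrite.All", "Directory.AccessAsUser.All",
    "Files.ReadWrite.All", "Files.ReadWrite.Selected", "Sites.ReadWrite.All",
    "Group.ReadWrite.All", "People.Read", "User.Export.All", "User.Read.All",
}

# Assumption (reviewer's choice): listed scopes whose descriptions above cover
# writing directory data, users, domains or roles, or full control of sites.
HIGH_IMPACT = {
    "Directory.ReadWrite.All", "Directory.AccessAsUser.All", "Domain.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory", "Sites.FullControl.All", "User.ReadWrite.All",
}

# Constructed sample export; IDs are placeholders, Mail.Read is deliberately off-list.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "00000000-0000-0000-0000-000000000001", "consentType": "AllPrincipals",
   "principalId": null,
   "scope": "User.Read Directory.ReadWrite.All Sites.FullControl.All Mail.Read"},
  {"clientId": "00000000-0000-0000-0000-000000000001", "consentType": "Principal",
   "principalId": "00000000-0000-0000-0000-000000000002",
   "scope": " Files.ReadWrite.All People.Read"}
]
""")

def audit_grants(grants, documented=DOCUMENTED, high_impact=HIGH_IMPACT):
    """Compare granted delegated scopes with the documented list."""
    granted, tenant_wide = set(), set()
    for grant in grants:
        scopes = set((grant.get("scope") or "").split())
        granted |= scopes
        # AllPrincipals means an admin consented on behalf of every user.
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes
    return {
        "undocumented": sorted(granted - documented),    # granted, not on this page
        "not_granted": sorted(documented - granted),     # on this page, not granted
        "high_impact_tenant_wide": sorted(tenant_wide & high_impact),
    }

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_GRANTS), indent=2))
```

Application permissions granted without a signed-in user are recorded separately as app role assignments and are not covered by this check.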