What Permissions Does CloudFuze Require for Box and SharePoint Migration?

CloudFuze needs third-party access to both Box and SharePoint Online (Office 365) accounts in order to initiate migration and transfer files. The following are the Box and Office 365 access permissions CloudFuze requires.

Note:

  1. The access permissions are granted via the OAuth protocol. CloudFuze cannot access your data as a human does.
  2. For SharePoint Online, access to an Office 365 account is required.
  3. To initiate migration, Box admin (not co-admin) and Office 365 global admin details are required.

Box Permissions

| Permissions | Display String | Description |
|---|---|---|
| root_readwrite | Read and write all files and folders stored in Box | Gives an application write access for the authenticated user. This allows the application to upload files, new versions of files, create new folders, create, edit, and delete collaborations, create comments, tasks, collections, and more. |
| manage_app_users | Manage users | Gives application permission to manage standard App users. App users are different from regular (managed) users and cannot log in to the Box web app. Instead, they are virtual users that can be used by an application to separate data in a server-side authenticated application. |
| manage_app_users | Manage app users | Gives application permission to manage standard App users. App users are different from regular (managed) users and cannot log in to the Box web app. Instead, they are virtual users that can be used by an application to separate data in a server-side authenticated application. |
| manage_group | Manage groups | Gives application permission to manage an enterprise’s groups. It allows the app to create, update, and delete groups, as well as add and remove users to groups. |
| manage_enterprise_properties | Manage enterprise properties | Gives application permission to view the enterprise event stream, as well as view and edit the enterprise’s attributes and reports. It also allows the application to edit and delete device pinners. |
| manage_data_retention | Manage retention policies | Gives application permission to view and create retention policies with Box Governance. This requires the enterprise to have purchased Box Governance. |
| manage_webhook | Manage webhooks v2 | Gives application permission to create webhooks for a user. Some limitations exist for webhooks, most notably there is a limit of 1000 webhooks per application, per user. |
|  | Admin can make calls on behalf of Users | Allows an application with added Admin permissions to make changes to users. |
|  | Delete a specific file or folder stored in Box | Gives an application permission to delete a file or folder in Box. |

SharePoint Online Permissions

| Permissions | Display String | Description | Why CloudFuze needs this |
|---|---|---|---|
| Directory.Read.All | Read directory data | Allows the app to read data in your organization’s directory, such as users, groups, and apps. Note: Users may consent to applications that require this permission if the application is registered in their own organization’s tenant. | To display the target SharePoint site and directory to migrate. |
| Directory.ReadWrite.All | Read and write directory data | Allows the app to read and write data in your organization’s directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords. | To migrate the data to the selected sites, subsite and directory. |
| People.Read.All | Read all users’ relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user or other users in the signed-in user’s organization. The list can include local contacts, contacts from social networking or your organization’s directory, and people from recent communications (such as email and Skype). It also allows the app to search the entire directory of the signed-in user’s organization. | To select the user from the list to migrate or add as a collaborator. |
| User.Read | Sign-in and read user profile | Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. | Fetch user details for mapping from source to destination. |
| Domain.ReadWrite.All | Read and write domains | Allows the app to read and write domains without a signed-in user. | To support multiple user domains to map and migrate. |
| RoleManagement.ReadWrite.Directory | Read and write directory RBAC settings | Allows the app to read and manage the role-based access control (RBAC) settings for your company’s directory, on behalf of the signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles, and memberships. | To add the appropriate collaborators matching the source. |
| Sites.FullControl.All | Have full control of all site collections | Allows the app to have full control of SharePoint sites in all site collections on behalf of the signed-in user. |  |
| User.ReadWrite.All | Read and write all users’ full profiles | Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. It also allows the app to create and delete users as well as reset user passwords on behalf of the signed-in user. |  |
| Directory.AccessAsUser.All | Access directory as the signed-in user | It allows the app to have the same access to information in the directory as the signed-in user. |  |
| Files.ReadWrite.All | Have full access to all files user can access | Allows the app to read, create, update, and delete all files the signed-in user can access. |  |
| Files.ReadWrite.Selected | Read and write files that the user selects | Limited support in Microsoft Graph; see Remarks. (Preview) Allows the app to read and write files that the user selects. The app has access for several hours after the user selects a file. |  |
| Sites.ReadWrite.All | Edit and delete items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. |  |
| Group.ReadWrite.All | Read and write all groups | Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Also allows the app to read and write calendar, conversations, files, and other group content for all groups the signed-in user can access. Additionally allows group owners to manage their groups and allows group members to update group content. |  |
| People.Read | Read users’ relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user. The list can include local contacts, contacts from social networking or your organization’s directory, and people from recent communications (such as email and Skype). |  |
| User.Export.All | User.Export.All | Allows the app to export an organizational user’s data, when performed by a Company Administrator. |  |
| User.Read.All | Read all users’ full profiles | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. |  |
| User.ReadWrite.All | Read and write all users’ full profiles | Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. It also allows the app to create and delete users as well as reset user passwords on behalf of the signed-in user. |  |
| Files.ReadWrite.All | Read and write files in all site collections | Allows the app to read, create, update, and delete all files in all site collections without a signed-in user. |  |
| Sites.ReadWrite.All | Read and write items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. |  |
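
The following added example (not CloudFuze's or Microsoft's code) compares the delegated OAuth grants recorded for one app in a tenant with the SharePoint Online permission names listed above. It assumes input in the shape of a Microsoft Graph oauth2PermissionGrants response; the sample response and the placeholder IDs are constructed, and application permissions (app role assignments) are not covered.

```python
import json

# Delegated scope names copied from the SharePoint Online table on this page.
DOCUMENTED = {
    "Directory.Read.All", "Directory.ReadWrite.All", "People.Read.All",
    "User.Read", "Domain.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "Sites.FullControl.All", "User.ReadWrite.All", "Directory.AccessAsUser.All",
    "Files.ReadWrite.All", "Files.ReadWrite.Selected", "Sites.ReadWrite.All",
    "Group.ReadWrite.All", "People.Read", "User.Export.All", "User.Read.All",
}

# Constructed sample shaped like a Graph oauth2PermissionGrants response.
# All IDs are placeholders; Mail.Read stands in for a scope the page does not list.
SAMPLE = """{"value": [
 {"clientId": "sp-placeholder-1", "consentType": "AllPrincipals", "principalId": null,
  "resourceId": "graph-placeholder",
  "scope": " User.Read Files.ReadWrite.All Sites.FullControl.All Mail.Read"},
 {"clientId": "sp-placeholder-1", "consentType": "Principal",
  "principalId": "user-placeholder", "resourceId": "graph-placeholder",
  "scope": "Directory.AccessAsUser.All"}
]}"""


def audit_grants(response_text, client_id, documented=DOCUMENTED):
    """Summarise the delegated scopes granted to one service principal."""
    granted, tenant_wide, per_user = set(), set(), set()
    for grant in json.loads(response_text).get("value", []):
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        # 'scope' is a space-separated string and may start with a space.
        scopes = set((grant.get("scope") or "").split())
        granted |= scopes
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes   # admin consent covering every user
        else:
            per_user |= scopes      # consent recorded for a single principal
    return {
        "undocumented": sorted(granted - documented),
        "tenant_wide": sorted(tenant_wide),
        "per_user": sorted(per_user),
    }


if __name__ == "__main__":
    for key, values in audit_grants(SAMPLE, "sp-placeholder-1").items():
        print(f"{key}: {', '.join(values) or '-'}")
```

Any entry under `undocumented` is a scope the app holds that this page does not account for and is worth reviewing before or after the migration.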
