What Permissions Does CloudFuze Require for Box and SharePoint Migration?

CloudFuze needs third-party access to both the Box and SharePoint Online (Office 365) accounts in order to initiate migration and transfer files. The following are the Box and Office 365 access permissions CloudFuze requires.

Note:

  1. The access permissions are granted via the OAuth protocol. CloudFuze cannot access your data as a human does.
  2. For SharePoint Online, access to an Office 365 account is required.
  3. To initiate migration, Box admin (not co-admin) and Office 365 global admin details are required.

Box Permissions

| Permissions | Display String | Description |
| --- | --- | --- |
| root_readwrite | Read and write all files and folders stored in Box | Gives an application write access for the authenticated user. This allows the application to upload files, new versions of files, create new folders, create, edit, and delete collaborations, create comments, tasks, collection, and more. |
| manage_app_users | Manage users | Gives application permission to manage standard App users. App users are different from regular (managed) users and cannot log in to the Box web app. Instead, they are virtual users that can be used by an application to separate data in a server-side authenticated application. |
| manage_app_users | Manage app users | Gives application permission to manage standard App users. App users are different from regular (managed) users and cannot log in to the Box web app. Instead, they are virtual users that can be used by an application to separate data in a server-side authenticated application. |
| manage_group | Manage groups | Gives application permission to manage an enterprise’s groups. It allows the app to create, update, and delete groups, as well as add and remove users to groups. |
| manage_enterprise_properties | Manage enterprise properties | Gives application permission to view the enterprise event stream, as well as view and edit the enterprise’s attributes and reports. It also allows the application to edit and delete device pinners. |
| manage_data_retention | Manage retention policies | Gives application permission to view and create retention policies with Box Governance. This requires the enterprise to have purchased Box Governance. |
| manage_webhook | Manage webhooks v2 | Gives application permission to create webhooks for a user. Some limitations exist for webhooks, most notably there is a limit of 1000 webhooks per application, per user. |
| Magazzini Alimentari Riuniti | Admin can make calls on behalf of Users | Gives an application with added Admin permissions the ability to make changes to users. |
| Magazzini Alimentari Riuniti | Delete a specific file or folder stored in Box | Gives an application permission to delete a file/folder in Box. |

SharePoint Online Permissions

| Permissions | Display String | Description | Why CloudFuze needs this? |
| --- | --- | --- | --- |
| Directory.Read.All | Read directory data | Allows the app to read data in your organization’s directory, such as users, groups, and apps. Note: Users may consent to applications that require this permission if the application is registered in their own organization’s tenant. | To display the target SharePoint site and directory to migrate. |
| Directory.ReadWrite.All | Read and write directory data | Allows the app to read and write data in your organization’s directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords. | To migrate the data to the selected sites, subsite and directory. |
| People.Read.All | Read all users’ relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user or other users in the signed-in user’s organization. The list can include local contacts, contacts from social networking or your organization’s directory, and people from recent communications (such as email and Skype). It also allows the app to search the entire directory of the signed-in user’s organization. | To select the user from the list to migrate or add as a collaborator. |
| User.Read | Sign-in and read user profile | Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. | Fetch user details for mapping from source to destination. |
| Domain.ReadWrite.All | Read and write domains | Allows the app to read and write domains without a signed-in user. | To support multiple user domains to map and migrate. |
| RoleManagement.ReadWrite.Directory | Read and write directory RBAC settings | Allows the app to read and manage the role-based access control (RBAC) settings for your company’s directory, on behalf of the signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles, and memberships. | To add the appropriate collaborators matching the source. |
| Sites.FullControl.All | Have full control of all site collections | Allows the app to have full control of SharePoint sites in all site collections on behalf of the signed-in user. | |
| User.ReadWrite.All | Read and write all users’ full profiles | Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. It also allows the app to create and delete users as well as reset user passwords on behalf of the signed-in user. | |
| Directory.AccessAsUser.All | Access directory as the signed-in user | It allows the app to have the same access to information in the directory as the signed-in user. | |
| Files.ReadWrite.All | Have full access to all files user can access | Allows the app to read, create, update, and delete all files the signed-in user can access. | |
| Files.ReadWrite.Selected | Read and write files that the user selects | Limited support in Microsoft Graph; see Remarks. (Preview) Allows the app to read and write files that the user selects. The app has access for several hours after the user selects a file. | |
| Sites.ReadWrite.All | Edit and delete items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. | |
| Group.ReadWrite.All | Read and write all groups | Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Also allows the app to read and write calendar, conversations, files, and other group content for all groups the signed-in user can access. Additionally allows group owners to manage their groups and allows group members to update group content. | |
| People.Read | Read users’ relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user. The list can include local contacts, contacts from social networking or your organization’s directory, and people from recent communications (such as email and Skype). | |
| User.Export.All | User.Export.All | Allows the app to export an organizational user’s data, when performed by a Company Administrator. | |
| User.Read.All | Read all users’ full profiles | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. | |
| User.ReadWrite.All | Read and write all users’ full profiles | Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. It also allows the app to create and delete users as well as reset user passwords on behalf of the signed-in user. | |
| Files.ReadWrite.All | Read and write files in all site collections | Allows the app to read, create, update, and delete all files in all site collections without a signed-in user. | |
| Sites.ReadWrite.All | Read and write items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. | |