ShareGate Apricot requires permissions to access the following Microsoft APIs:
- Microsoft Graph
- Office 365 SharePoint Online
- Windows Azure Active Directory
There are two types of required permissions:
- Application Permissions
- Define what ShareGate Apricot is allowed to do within your tenant independently, without a signed in user.
- Delegated Permissions
- Define what ShareGate Apricot is allowed to do within your tenant on behalf of the signed-in user.
ShareGate Apricot needs access to specific resources on your Office 365 tenant to work properly. You need to provide your consent for Apricot to obtain this access.
The following permissions are required (referenced from Microsoft Graph permissions reference):
Microsoft Graph
|
Permission |
Type |
Reason |
| Read all groups | Application Delegated |
Allows ShareGate Apricot to list groups, their properties, and membership. |
| Read items in all site collections | Application Delegated |
Allows ShareGate Apricot to access SharePoint data to determine user activity. |
| Read directory data | Application Delegated |
Allows ShareGate Apricot to read data in your organization's directory, such as users, groups and apps. |
| Read and write directory data | Application |
Allows ShareGate Apricot to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. |
| Read and write all groups | Application |
Allows ShareGate Apricot to delete a group when an archive is requested by the owner or restore a group when requested by an administrator. |
| Send mail as any user | Application | Allows ShareGate Apricot to send notifications to group owners. |
Office 365 SharePoint Online
|
Permission |
Type |
Reason |
| Read items in all site collections | Application | Allows ShareGate Apricot to access SharePoint data to determine user activity. |
| Read directory data | Application | Allows ShareGate Apricot to read data in your organization's directory, such as users, groups and apps. |
Windows Azure Active Directory
|
Permission |
Type |
Reason |
| Sign in and read user profile | Delegated |
Allows admin users to sign in ShareGate Apricot. Only Global Admin, SharePoint Admin and Groups Admin levels are allowed to sign in the application. |
| Read directory data | Application |
Allows admin users to sign into ShareGate Apricot. Only Global Admin, SharePoint Admin and Groups Admin levels are allowed to sign in the application. |
Comments
0 comments
Article is closed for comments.