# Permissions required for SharePoint

## Permissions Required in SharePoint for Unifize Integration

Unifize’s integration with SharePoint and Microsoft 365 enables users to seamlessly access, manage, and collaborate on documents within a unified workspace. To ensure secure and functional operation, both **SharePoint permissions** and **Microsoft 365 permissions** are required. Here's a complete breakdown of the access levels necessary.

***

### 1. Permissions Needed to **Integrate SharePoint with Unifize**

To enable integration at the organizational or tenant level, **admin-level access** is required. This is necessary for Unifize to authenticate, connect, and interact with SharePoint resources.

#### Required Permissions (Admin Consent Scope):

* **Microsoft Graph API permissions:**
  * `Sites.ReadWrite.All` → Allows Unifize to read and write to all site collections on behalf of the signed-in user.
  * `Files.ReadWrite.All` → Enables full access to all files the user has access to.
  * `User.Read` → Grants read access to the user's profile.
  * `offline_access` → Allows Unifize to maintain access using refresh tokens even when the user is offline.

> These permissions need to be granted by a Microsoft 365 Global Administrator during the initial connection setup.
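
After consent is granted, an administrator can confirm that the delegated grants held by the integration's service principal match the four scopes listed above and nothing more. The following is an added example, not Unifize's code: it audits a constructed listing shaped like Microsoft Graph's `oauth2PermissionGrants` resource, and the ids (`sp-integration`, `user-42`, and so on) and the extra scopes in the sample are placeholders made up for illustration.

```python
import json

# Delegated scopes listed in section 1 of this page.
DOCUMENTED_SCOPES = frozenset(
    {"Sites.ReadWrite.All", "Files.ReadWrite.All", "User.Read", "offline_access"}
)

# Constructed sample in the shape of a Microsoft Graph oauth2PermissionGrants
# listing. Every id is a placeholder; the extra scopes are made up for the demo.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"id": "grant-1", "clientId": "sp-integration", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-graph",
   "scope": "Sites.ReadWrite.All Files.ReadWrite.All User.Read offline_access"},
  {"id": "grant-2", "clientId": "sp-integration", "consentType": "Principal",
   "principalId": "user-42", "resourceId": "sp-graph",
   "scope": " Mail.Read Directory.Read.All"},
  {"id": "grant-3", "clientId": "sp-other-app", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-graph", "scope": "User.Read"}
]}
""")


def audit_grants(response, client_id, allowed=DOCUMENTED_SCOPES):
    """Return one finding per delegated grant held by client_id."""
    findings = []
    for grant in response.get("value", []):
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        granted = set((grant.get("scope") or "").split())  # space-delimited string
        findings.append({
            "grant_id": grant.get("id"),
            "tenant_wide": grant.get("consentType") == "AllPrincipals",
            "principal": grant.get("principalId"),
            "granted": sorted(granted),
            "excess": sorted(granted - allowed),  # consented but not documented
        })
    return findings


def missing_scopes(findings, required=DOCUMENTED_SCOPES):
    """Documented scopes that no tenant-wide (admin consent) grant covers."""
    covered = set()
    for f in findings:
        if f["tenant_wide"]:
            covered.update(f["granted"])
    return sorted(set(required) - covered)


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_RESPONSE, "sp-integration"):
        print(finding)
```

A non-empty `excess` list on any grant means the application holds consent beyond what this page documents and should be reviewed.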

***

### 2. SharePoint Permissions Required for **Using the Integration**

Once integration is set up, **each Unifize user** interacting with SharePoint must have appropriate permissions within the SharePoint site or document library. These are needed for accessing, editing, uploading, or collaborating on documents.

#### Common SharePoint Permission Levels:

| Permission Level | Required For                                   | Scope             |
| ---------------- | ---------------------------------------------- | ----------------- |
| **Read**         | Viewing linked documents                       | Library or Folder |
| **Contribute**   | Uploading new documents, editing existing ones | Library           |
| **Edit**         | Managing document metadata, versioning         | Library           |
| **Full Control** | Site admin operations, managing permissions    | Site (Admin only) |

> Users will see permission errors inside Unifize if their SharePoint roles do not match the operation they’re trying to perform (e.g., upload, rename, lock/unlock files).

***

### 3. Microsoft 365 Permissions for Supporting Features

To enhance collaboration using tools like Word, Excel, and Teams inside Unifize, users need the following permissions at the Microsoft 365 level:

#### Required Permissions (User-level):

* **Microsoft 365 License**:
  * Ensure users are licensed for **SharePoint Online** and **Office Online (Word, Excel, etc.)**
* **Teams Integration (optional)**:
  * `Chat.ReadWrite` and `Team.ReadBasic.All` if Teams chat or group-based workflows are used within Unifize

***

### 4. Ongoing Access & Token Management

Unifize uses **OAuth 2.0 and the Microsoft identity platform** for secure access:

* Tokens are scoped to the signed-in user
* Permissions are enforced based on what the user has in Microsoft 365 and SharePoint
* Admin consent is required only once unless permissions change

***

### Summary Checklist

| Action                              | Role Required                  | Permissions                                                    |
| ----------------------------------- | ------------------------------ | -------------------------------------------------------------- |
| Initial Integration Setup           | Microsoft 365 Global Admin     | `Sites.ReadWrite.All`, `Files.ReadWrite.All`, `offline_access` |
| Daily Use of SharePoint via Unifize | End User                       | SharePoint site-specific (`Read`, `Contribute`, `Edit`)        |
| Office 365 Document Editing         | End User                       | Valid license for Office Online                                |
| Admin Management of Files           | SharePoint Admin or Site Owner | Full Control                                                   |

***

### Pro Tips

* Use SharePoint permission inheritance carefully to avoid unwanted access escalation.
* If users report access errors in Unifize, check both their SharePoint library permissions and their Microsoft 365 license.
* Maintain a least-privilege approach: grant only what is necessary per role.


