# Permissions required for SharePoint

## Permissions Required in SharePoint for Unifize Integration

Unifize’s integration with SharePoint and Microsoft 365 enables users to seamlessly access, manage, and collaborate on documents within a unified workspace. To ensure secure and functional operation, both **SharePoint permissions** and **Microsoft 365 permissions** are required. Here's a complete breakdown of the access levels necessary.

***

### 1. Permissions Needed to **Integrate SharePoint with Unifize**

To enable integration at the organizational or tenant level, **admin-level access** is required. This is necessary for Unifize to authenticate, connect, and interact with SharePoint resources.

#### Required Permissions (Admin Consent Scope):

* **Microsoft Graph API permissions:**
  * `Sites.ReadWrite.All` → Allows Unifize to read and write to all site collections on behalf of the signed-in user.
  * `Files.ReadWrite.All` → Grants read and write access to every file the signed-in user can already reach.
  * `User.Read` → Grants read access to the user's profile.
  * `offline_access` → Allows Unifize to maintain access using refresh tokens even when the user is offline.

> These permissions need to be granted by a Microsoft 365 Global Administrator during the initial connection setup.

***

### 2. SharePoint Permissions Required for **Using the Integration**

Once integration is set up, **each Unifize user** interacting with SharePoint must have appropriate permissions within the SharePoint site or document library. These are needed for accessing, editing, uploading, or collaborating on documents.

#### Common SharePoint Permission Levels:

| Permission Level | Required For                                   | Scope             |
| ---------------- | ---------------------------------------------- | ----------------- |
| **Read**         | Viewing linked documents                       | Library or Folder |
| **Contribute**   | Uploading new documents, editing existing ones | Library           |
| **Edit**         | Managing document metadata, versioning         | Library           |
| **Full Control** | Site admin operations, managing permissions    | Site (Admin only) |

> Users will see permission errors inside Unifize if their SharePoint roles do not match the operation they’re trying to perform (e.g., upload, rename, lock/unlock files).

***

### 3. Microsoft 365 Permissions for Supporting Features

To enhance collaboration using tools like Word, Excel, and Teams inside Unifize, users need the following permissions at the Microsoft 365 level:

#### Required Permissions (User-level):

* **Microsoft 365 License**:
  * Ensure users are licensed for **SharePoint Online** and **Office Online (Word, Excel, etc.)**
* **Teams Integration (optional)**:
  * `Chat.ReadWrite` and `Teams.ReadBasic.All` if Teams chat or group-based workflows are used within Unifize

***

### 4. Ongoing Access & Token Management

Unifize uses **OAuth2 and Microsoft Identity Platform** for secure access:

* Tokens are scoped to the signed-in user
* Permissions are enforced based on what the user has in Microsoft 365 and SharePoint
* Admin consent is required only once unless permissions change
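Because the permissions listed in section 1 are delegated scopes carried inside the user's access token, an operator can confirm that a connection was granted exactly the scopes this page lists, and nothing broader, by inspecting the token's `scp` claim. The script below is an added example, not Unifize code; it decodes the payload of a compact JWT, compares the space-separated `scp` claim against the required set, and flags any extra scopes (a least-privilege check) or a missing signed-in user (an application-permission token, which carries `roles` instead of `scp`). It assumes the standard Microsoft identity platform claim names (`scp`, `roles`, `upn`, `preferred_username`); the sample token is constructed and unsigned, and the helper deliberately does not verify the signature, since it audits a token the application has already accepted rather than authenticating one. `offline_access` is omitted from the required set on the assumption that it governs refresh-token issuance at consent time rather than appearing as a Graph resource scope in the access token.

```python
import base64
import json

# Delegated Graph scopes this page lists as required (sections 1 and 4).
REQUIRED_SCOPES = {"Sites.ReadWrite.All", "Files.ReadWrite.All", "User.Read"}
# Optional Teams scopes from section 3; acceptable but not required.
OPTIONAL_SCOPES = {"Chat.ReadWrite", "Teams.ReadBasic.All"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_jwt_claims(token: str) -> dict:
    # Splits header.payload.signature and returns the payload claims.
    # The signature is intentionally NOT verified: this is an audit helper for a
    # token the application has already accepted, not an authentication step.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def audit_token_scopes(token: str) -> dict:
    """Compare the token's granted scopes with the scopes this page requires."""
    claims = decode_jwt_claims(token)
    # Delegated permissions arrive as a space-separated string in `scp`;
    # application permissions (no signed-in user) arrive as a list in `roles`.
    granted = set(claims.get("scp", "").split())
    app_roles = set(claims.get("roles", []))
    return {
        # Required scopes the token does not carry: integration calls will fail.
        "missing": sorted(REQUIRED_SCOPES - granted),
        # Scopes beyond the documented set: a least-privilege finding.
        "excess": sorted(granted - REQUIRED_SCOPES - OPTIONAL_SCOPES),
        # Non-empty means an app-only token, i.e. not scoped to a signed-in user.
        "application_permissions": sorted(app_roles),
        "delegated": "scp" in claims,
        "user": claims.get("upn") or claims.get("preferred_username"),
    }


def make_unsigned_test_token(claims: dict) -> str:
    # Builds an unsigned JWT from constructed claims, for local testing only.
    header = {"alg": "none", "typ": "JWT"}

    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    return f"{enc(header)}.{enc(claims)}."


if __name__ == "__main__":
    # Constructed sample: correct scopes plus one over-broad grant.
    sample = make_unsigned_test_token({
        "scp": "Sites.ReadWrite.All Files.ReadWrite.All User.Read Sites.FullControl.All",
        "upn": "alice@contoso.example",  # constructed placeholder user
    })
    print(json.dumps(audit_token_scopes(sample), indent=2))
```

Run it against a real access token copied from the connection's sign-in flow and treat a non-empty `excess` list as a consent grant to revisit, and a non-empty `application_permissions` list as a sign the token is not the user-scoped delegated token section 4 describes.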

***

### Summary Checklist

| Action                              | Role Required                  | Permissions                                                    |
| ----------------------------------- | ------------------------------ | -------------------------------------------------------------- |
| Initial Integration Setup           | Microsoft 365 Global Admin     | `Sites.ReadWrite.All`, `Files.ReadWrite.All`, `offline_access` |
| Daily Use of SharePoint via Unifize | End User                       | SharePoint site-specific (`Read`, `Contribute`, `Edit`)        |
| Office 365 Document Editing         | End User                       | Valid license for Office Online                                |
| Admin Management of Files           | SharePoint Admin or Site Owner | Full Control                                                   |

***

### Pro Tips

* Use SharePoint permission inheritance carefully to avoid unwanted access escalation.
* If users report access errors in Unifize: check both SharePoint library permissions and their Microsoft 365 license.
* Maintain a least-privilege approach: grant only what is necessary per role.
