Permissions required for SharePoint

Permissions Required in SharePoint for Unifize Integration

Unifize’s integration with SharePoint and Microsoft 365 enables users to seamlessly access, manage, and collaborate on documents within a unified workspace. To ensure secure and functional operation, both SharePoint permissions and Microsoft 365 permissions are required. Here's a complete breakdown of the access levels necessary.


1. Permissions Needed to Integrate SharePoint with Unifize

To enable integration at the organizational or tenant level, admin-level access is required. This is necessary for Unifize to authenticate, connect, and interact with SharePoint resources.

  • Microsoft Graph API permissions:

    • Sites.ReadWrite.All → Allows Unifize to read and write to all site collections on behalf of the signed-in user.

    • Files.ReadWrite.All → Enables full access to all files the user has access to.

    • User.Read → Grants read access to the user's profile.

    • offline_access → Allows Unifize to maintain access using refresh tokens even when the user is offline.

These permissions need to be granted by a Microsoft 365 Global Administrator during the initial connection setup.


2. SharePoint Permissions Required for Using the Integration

Once integration is set up, each Unifize user interacting with SharePoint must have appropriate permissions within the SharePoint site or document library. These are needed for accessing, editing, uploading, or collaborating on documents.

Common SharePoint Permission Levels:

| Permission Level | Required For | Scope |
| --- | --- | --- |
| Read | Viewing linked documents | Library or Folder |
| Contribute | Uploading new documents, editing existing ones | Library |
| Edit | Managing document metadata, versioning | Library |
| Full Control | Site admin operations, managing permissions | Site (Admin only) |

Users will see permission errors inside Unifize if their SharePoint roles do not match the operation they’re trying to perform (e.g., upload, rename, lock/unlock files).


3. Microsoft 365 Permissions for Supporting Features

To enhance collaboration using tools like Word, Excel, and Teams inside Unifize, users need the following permissions at the Microsoft 365 level:

Required Permissions (User-level):

  • Microsoft 365 License:

    • Ensure users are licensed for SharePoint Online and Office Online (Word, Excel, etc.)

  • Teams Integration (optional):

    • Chat.ReadWrite and Teams.ReadBasic.All if Teams chat or group-based workflows are used within Unifize


4. Ongoing Access & Token Management

Unifize uses OAuth 2.0 and the Microsoft identity platform for secure access:

  • Tokens are scoped to the signed-in user

  • Permissions are enforced based on what the user has in Microsoft 365 and SharePoint

  • Admin consent is required only once unless permissions change
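
Because admin consent is requested again only when permissions change, it helps to compare what is actually granted in the tenant with the scopes listed on this page. The following is an added example, not Unifize's code: it audits a constructed listing in the shape of Microsoft Graph `oauth2PermissionGrants` objects. The service principal ID, the sample grants, and the function name `audit_grants` are assumptions.

```python
import json

# Delegated scopes this page lists for the integration (section 1).
REQUIRED = {"Sites.ReadWrite.All", "Files.ReadWrite.All", "User.Read", "offline_access"}
# Optional scopes this page lists for Teams features (section 3).
OPTIONAL_TEAMS = {"Chat.ReadWrite", "Teams.ReadBasic.All"}

# Constructed sample in the shape of a Microsoft Graph oauth2PermissionGrants
# listing. All IDs are placeholders; Mail.Read stands in for scope drift.
APP_SP_ID = "00000000-0000-0000-0000-0000000000aa"  # assumed service principal ID
SAMPLE = json.dumps({"value": [
    {"clientId": APP_SP_ID, "consentType": "AllPrincipals",
     "scope": "Sites.ReadWrite.All Files.ReadWrite.All User.Read Mail.Read"},
    {"clientId": APP_SP_ID, "consentType": "Principal",
     "principalId": "00000000-0000-0000-0000-0000000000bb",
     "scope": "Chat.ReadWrite"},
    {"clientId": "00000000-0000-0000-0000-0000000000cc",
     "consentType": "AllPrincipals", "scope": "Directory.Read.All"},
]})


def audit_grants(grants_json, client_id, teams_enabled=False):
    """Return missing and unexpected delegated scopes for one service principal."""
    allowed = REQUIRED | (OPTIONAL_TEAMS if teams_enabled else set())
    granted, consent_types = set(), set()
    for grant in json.loads(grants_json).get("value", []):
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        # The scope field is a space-separated list of delegated permissions.
        granted |= set((grant.get("scope") or "").split())
        consent_types.add(grant.get("consentType", "unknown"))
    return {
        "missing": sorted(REQUIRED - granted),        # documented but not granted
        "unexpected": sorted(granted - allowed),      # granted but not documented
        "consent_types": sorted(consent_types),       # tenant-wide vs per-user
    }


if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE, APP_SP_ID), indent=2))
```

A non-empty `unexpected` list means the application holds more delegated access than this page documents; with `teams_enabled=True` the two Teams scopes are treated as expected.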


Summary Checklist

| Action | Role Required | Permissions |
| --- | --- | --- |
| Initial Integration Setup | Microsoft 365 Global Admin | Sites.ReadWrite.All, Files.ReadWrite.All, offline_access |
| Daily Use of SharePoint via Unifize | End User | SharePoint site-specific (Read, Contribute, Edit) |
| Office 365 Document Editing | End User | Valid license for Office Online |
| Admin Management of Files | SharePoint Admin or Site Owner | Full Control |


Pro Tips

  • Use SharePoint permission inheritance carefully to avoid unwanted access escalation.

  • If users report access errors in Unifize, check both their SharePoint library permissions and their Microsoft 365 license.

  • Maintain a least-privilege approach: grant only what is necessary per role.
