Home > Aviator > Aviator for SharePoint Online > Permissions Required by Destination SharePoint Online > Delegated App Profile Permissions
Export to PDFDelegated App Profile Permissions
Fly allows you to use the Fly delegated app profile or custom delegated app profile to connect to your workspace.
*Note: The license and permission requirements for the consent user are the same as those for the service account. Refer to Service Account Permissions for details.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Microsoft Graph | User.Read.All(Read user profiles) | Delegated | Retrieve and migrate Microsoft 365 users. |
| Microsoft Graph | RoleManagement.Read.Directory(Read directory RBAC settings) | Delegated | Retrieve and migrate Microsoft global groups. |
| Microsoft Graph | Files.Read.All(Read files in all site collections) | Delegated | Retrieve channel folders in destination team sites. |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Delegated | Retrieve and migrate Microsoft 365 Groups and Group members. *Note: The permission is required in the following situations when running SharePoint Online migrations:● Create Microsoft 365 groups and add group members when migrating source team sites related to Microsoft 365 Groups.● Map source SharePoint Groups (Owners/Members/Visitors) to destination Microsoft 365 Groups and add users to the Microsoft 365 Groups as owners or members when migrating team sites without Microsoft 365 Groups to team sites related to Microsoft 365 Groups. If you want to use Microsoft 365 Groups Migration to migrate the Microsoft 365 Groups to which the team sites belong, you can remove this permission. |
| SharePoint | AllSites.FullControlHave full control of all site collections | Delegated | Retrieve settings and permissions of SharePoint Online site collections. |
| SharePoint | TermStore.ReadWrite.All(Read and write managed metadata) | Delegated | Retrieve and migrate to Managed Metadata Service. |
| Azure Rights Management Services*Note: For 21Vianet tenants, the API name is Microsoft Rights Management Services. | user_impersonation(Create and access protected content for users) | Delegated | Only required if you want to manage sensitivity labels of files/sites. |
| Microsoft Information Protection Sync Service | UnifiedPolicy.User.Read(Read all unified policies of the tenant) | Delegated | Only required if you want to manage sensitivity labels of files/sites. |
For easy use, you can directly use the following commands to add required API permissions through Manifest for Microsoft 365 Commercial tenants.
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "59a198b5-0420-45a8-ae59-6da1cb640505",
"type": "Scope"
},
{
"id": "56680e0d-d2a3-4ae1-80d8-3c4f2100e3d0",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "df85f4d6-205c-4ac5-a5ea-6bf408dba283",
"type": "Scope"
},
{
"id": "4e46008b-f24c-477d-8fff-7bb4ec7aafe0",
"type": "Scope"
},
{
"id": "741c54c3-0c1e-44a1-818b-3f97ab4e8c83",
"type": "Scope"
},
{
"id": "a154be20-db9c-4678-8ab7-66f6cc099a59",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000012-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "c9c9a04d-3b66-4ca8-a00c-fca953e2afd3",
"type": "Scope"
}
]
},
{
"resourceAppId": "870c4f2e-85b6-4d43-bdda-6ed9a579b725",
"resourceAccess": [
{
"id": "34f7024b-1bed-402f-9664-f5316a1e1b4a",
"type": "Scope"
}
]
}
],