# Required permissions for each application

Microsoft Graph permissions matrix

## OpenID/Entra ID

The following permissions are required for user authentication:

Microsoft Graph → Delegated permissions → openid: Required for user authentication.

Microsoft Graph → Delegated permissions → offline_access: Required to retain access to data the user gave ELO Sync access to. This enables the continuous synchronization of data without user intervention.

Microsoft Graph → Delegated permissions → User.Read: Required for authentication and to read the user profile. This is required for authentication with the ELO repository.

## SharePoint Online

### Archiving folders

Microsoft Graph → Delegated permissions → Sites.Read.All: Required to read the content of the selected SharePoint sites, lists, and document libraries. Only the elements that the user who created the job can see are archived.

In addition, the same file rights are required as with archiving files.

### Bidirectional synchronization of folders

Requires the same permissions as archiving folders.

In addition, the same file rights are required as with bidirectional synchronization of files.

### Publishing in a folder

Requires the same permissions as archiving folders.

In addition, the same file rights are required as with publishing on a drive.

### Archiving lists/libraries

Microsoft Graph → Delegated permissions → Sites.Read.All: Required to read the content of the selected SharePoint sites, lists, and document libraries. Only the elements that the user who created the job can see are archived.

### Bidirectional synchronization of lists or libraries

Microsoft Graph → Delegated permissions → Sites.ReadWrite.All: Required to create, edit, or delete elements in the selected SharePoint lists and document libraries. The user creating the job must have read/write access to the list/library.

### Publishing in a list/library

Requires the same permissions as bidirectional synchronization of lists or libraries.

### Archiving a site

Microsoft Graph → Delegated permissions → Sites.Read.All: Required to read the content of the selected SharePoint site.

### Bidirectional synchronization of a site

All permissions are required for full functionality.

Microsoft Graph → Delegated permissions → Sites.ReadWrite.All: Required to create, edit, or delete elements in the lists/libraries of the selected SharePoint site.

Microsoft Graph → Delegated permissions → Sites.Manage.All: Required to create document libraries in the selected SharePoint site. New document libraries are created automatically for each of the corresponding child folders in the ELO target folder.

### Publishing on a site

Requires the same permissions as bidirectional synchronization of a site.

## OneDrive

### General

Microsoft Graph → Delegated permissions → Group.Read.All: Required to read the available OneDrive groups so that the user can select the drives of this group in the job configuration.

### Archiving files

One of the following permissions is required. Setting both is not necessary and does not offer any additional functions.

Microsoft Graph → Delegated permissions → Files.Read: Required to read the content of the selected OneDrive drives. Only files of the user creating the job are archived. Shared files of other users are not archived.

Microsoft Graph → Delegated permissions → Files.Read.All: Required to read the content of the selected OneDrive drives. All files belonging to the user who created the job or that were shared with them are archived.

### Bidirectional synchronization of files

One of the following permissions is required. Setting both is not necessary and does not offer any additional functions.

Microsoft Graph → Delegated permissions → Files.ReadWrite: Required to create, edit, or delete files in the selected OneDrive drives. Only files belonging to the user who created the job are synchronized. Shared files of other users are not synchronized.

Microsoft Graph → Delegated permissions → Files.ReadWrite.All: Required to create, edit, or delete files in the selected OneDrive drives. All files that the user who created the job owns or that have been shared with them are synchronized.

### Publishing on a drive

Requires the same permissions as bidirectional synchronization of files.
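The matrix above can be used to check an app registration for least privilege. The following is an added example, not part of ELO Sync or its documentation. It compares a granted scope list with what the configured job types need and reports missing, unneeded, and redundant "one of" permissions. The job keys are hypothetical labels, and the example assumes that a Graph write scope also covers the matching reads and that `Group.Read.All` applies to every OneDrive job.

```python
# Added example. Scope names come from the matrix above; the job keys
# ("sp_sync_site", ...) are hypothetical labels, not ELO Sync identifiers.
# Each requirement is a "one of" group: any single member satisfies it.
def one_of(*scopes):
    return frozenset(scopes)

BASE = [one_of("openid"), one_of("offline_access"), one_of("User.Read")]
FILES_R = one_of("Files.Read", "Files.Read.All")
FILES_RW = one_of("Files.ReadWrite", "Files.ReadWrite.All")
SITES_R = one_of("Sites.Read.All")
SITES_RW = one_of("Sites.ReadWrite.All")
SITES_MANAGE = one_of("Sites.Manage.All")
GROUPS = one_of("Group.Read.All")  # assumed to apply to every OneDrive job

# Folder jobs are read here as Sites.Read.All plus the file rights of the
# matching OneDrive job (an interpretation of "the same file rights").
REQUIRED = {
    "sp_archive_folder": [SITES_R, FILES_R],
    "sp_sync_folder": [SITES_R, FILES_RW],
    "sp_publish_folder": [SITES_R, FILES_RW],
    "sp_archive_list": [SITES_R],
    "sp_sync_list": [SITES_RW],
    "sp_publish_list": [SITES_RW],
    "sp_archive_site": [SITES_R],
    "sp_sync_site": [SITES_RW, SITES_MANAGE],
    "sp_publish_site": [SITES_RW, SITES_MANAGE],
    "od_archive_files": [GROUPS, FILES_R],
    "od_sync_files": [GROUPS, FILES_RW],
    "od_publish_drive": [GROUPS, FILES_RW],
}
# Assumption about Microsoft Graph: a write scope also permits the matching reads.
COVERS = {"Files.ReadWrite": "Files.Read", "Files.ReadWrite.All": "Files.Read.All",
          "Sites.ReadWrite.All": "Sites.Read.All"}

def audit(jobs, granted_scopes):
    """Compare a space-separated list of granted delegated scopes with what the jobs need."""
    granted = set(granted_scopes.split())
    effective = granted | {COVERS[s] for s in granted if s in COVERS}
    groups = set(BASE) | {g for job in jobs for g in REQUIRED[job]}
    return {
        "missing": sorted(" | ".join(sorted(g)) for g in groups if not g & effective),
        "unneeded": sorted(granted - set().union(*groups)),
        "redundant": sorted(s for g in groups if len(g & granted) > 1 for s in g & granted),
    }

if __name__ == "__main__":
    # Constructed sample: an app registration consented for more than its two jobs use.
    sample = ("openid offline_access User.Read Sites.Read.All Files.Read "
              "Files.Read.All Sites.Manage.All")
    print(audit(["sp_archive_list", "od_archive_files"], sample))
```

Scopes reported as `unneeded` are candidates for removal from the app registration. `redundant` lists cases where both members of a "one of" pair were granted.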

Last updated: February 21, 2025 at 09:59