In this article, we will review connection account requirements for the Asana -> Project for the web migration scenario.
Please note: All information in this article also applies to the Asana-> Planner (premium plans) migration scenario.
Asana account
Any active Asana user account can be used for the connection to the Asana environment as the source system. An account with the Admin role is not required.
Asana Workspaces/Teams and Projects will be available for migration depending on the connection account access level in Asana. The following Asana data will be read using the connection account:
- All Asana Workspaces, Organization(s), and Teams where the connection account is added as a member, an admin or a guest (for organizations) and which it has access to.
- Asana users who are added as members or guests (Limited Access users) to the Workspaces/Teams where the connection account is a member, and users that are members of the Projects to which the connection account has access. In case an Organization is enabled in the environment, all Organization users will be read.
- All Public to Team or Public to Workspace Projects, where the Asana connection account is a Project member (with ‘Edit’ or ‘Comment’ access), an owner, or a member of the Project Workspace/Team.
- All Private Projects where the account is added as a Project member (with ‘Edit’ or ‘Comment’ access) or an owner.
- All Archived Projects where the Asana account is a Project member, an owner, or a member of the Project Workspace/Team.
To connect to an Asana account for the first time, Project Migrator should be granted access to the account.
Project Migrator will have the following permissions for reading data from Asana once the access is granted:
- Read the connection account name and email address
- Read all Teams and Workspaces, Projects, and tasks that the account has access to
- Read the name and email address of Asana users that are accessible by the account
The permission to create and modify tasks, projects, and comments on behalf of the connection account is requested for the app, however, the write/update access is not used by Project Migrator.
The granted access to the Asana environment can be revoked anytime from the account settings: Apps by deauthorizing the Project Migrator app in Asana.
Project for the web or Planner (premium plans) account
The connection account for migration to Project for the web/Planner (premium plans) (target) should meet the following requirements:
1. The account should be a member/a user of the tenant and the Power Platform Environment where the Project for the web is deployed.
2. The account should have any of the following licenses assigned:
- Project Plan P1
- Project Plan P3 (previously called Project Online Professional)
- Project Plan P5 (previously called Project Online Premium)
The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a Security Role in the Environment that allows reading and writing data to the Project for the web (e.g. System Administrator or Service Writer default security roles, or custom roles with Read, Create and Write permissions enabled).
In case the migration is performed to the existing Microsoft 365 groups and projects, the migration account should be added as a member or an owner.
To connect to Project for the web for the first time, Microsoft 365 tenant Global Administrator consent is required to allow Project Migrator to access your Microsoft 365 tenant.
Admin consent should be granted only once before adding the first Project for the web connection account. Once the consent is granted, any user account credentials that meet the requirements can be used for connecting to the Project for the web environment.
Project Migrator application for the Project for the web connection will be added to the Microsoft 365 tenant.
The following API permissions are required:
For the target Project for the web account:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.ReadWrite.All
- Microsoft Grap: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
Project Migrator will have the following permissions for reading and writing data to the Project for the web environment:
- Read data in the organization's directory, such as users, groups, all users' basic profiles, users' primary email addresses on behalf of the signed-in user.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership on behalf of the signed-in user.
- Create groups, read, and update the group properties and memberships on behalf of the signed-in user. It allows group owners to manage their groups and allows group members to update group content.
- Read and update data in the existing Projects that the connection account has access to in Project for the web, create new Projects, Resources, and Dynamics 365 Teams.
- Maintain access to data you have given it access to.
- Access Common Data Service (CDS) as organization users.