In this article, we will review permission prerequisites that an account used for backup should meet.
Project for the web account/Planner (premium plans)
For Backup operations:
The connection account for Project for the web/Planner (premium plans) backup should meet the following requirements:
1. The account should be a member/a user of the tenant and the Power Platform Environment where Project for the web is deployed.
2. The account should have any of the following licenses assigned:
- Project Plan P1
- Project Plan P3 (previously called Project Online Professional)
- Project Plan P5 (previously called Project Online Premium)
Any of the following licenses is enough for read-only access to the Project for the web/Planner (premium plans) data:
- Microsoft 365 F3 and Office 365 F3
- Office 365 E1
- Microsoft 365 for business
- Microsoft E3 and Office 365 E3
- Microsoft E5 and Office 365 E5
- Microsoft Power Automate
3. The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a security role in the Environment that allows reading all or personal Project for the web data (e.g. System Administrator, Basic User).
4. The account should be a member of all projects in Project for the web (their Microsoft 365 groups) that need to be backed up. In case there are projects without associated groups, the account should be their creator to be able to back them up.
For Restore operations:
1. The account should be a member/a user of the tenant and the Power Platform Environment where Project for the web/Planner (premium plans) is deployed.
2. The account should have any of the following licenses assigned:
- Project Plan P1
- Project Plan P3 (previously called Project Online Professional)
- Project Plan P5 (previously called Project Online Premium)
3. The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled.
Also, the account should have a Security Role in the Environment that allows reading and writing data to Project for the web (e.g. System Administrator or Service Writer default security roles, or custom roles with Read, Create and Write permissions enabled).
Please refer to this article if you receive the 'Need admin approval' message while adding Project for the web/Planner (premium plans) connection.
In case the restore is performed to the existing Microsoft 365 groups, the connection account should be added as a member or an owner to them.
To connect to Project for the web for the first time, Microsoft 365 tenant Global Administrator consent is required to allow FluentPro Backup to access your Microsoft 365 tenant.
Admin consent should be granted only once before adding the first Project for the web connection account. Once the consent is granted, any user account credentials that meet the requirements can be used for connecting to your Project for the web environment.
The FluentPro Backup application for the Project for the web/Planner (premium plans) connection will be added to the Microsoft 365 tenant.
The following API permissions will be granted:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.ReadWrite.All
- Microsoft Graph: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
FluentPro Backup will have the following permissions for reading (backup) and writing (restore) Project for the Web/Planner (premium plans) data:
- Read data in the organization's directory, such as users, groups, all users' basic profiles, users' primary email addresses on behalf of the signed-in user.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership on behalf of the signed-in user.
- Create groups, read, and update the group properties and memberships on behalf of the signed-in user. It allows group owners to manage their groups and allows group members to update group content.
- Read and update data in the existing Projects that the connection account has access to in Project for the web, create new Projects, Resources, and Dynamics 365 Teams.
- Maintain access to data you have given it access to.
- Access Common Data Service (CDS) as organization users.
Monday.com account
For Backup operations:
As a Personal API token is used for the connection to the Monday.com environment, data will be available for backup depending on the account permissions in Monday.com.
The following Monday.com data will be read using either the personal API Token of an Admin account or the API token of a Member user account:
- All Monday.com Workspaces are read even if the connection account is not an owner or a member of the Workspaces.
- All Monday.com Teams and Users are read and backed up.
Boards of the following types will be available to select for the backup:
- All Boards of the Main (Public) type from all Workspaces and Folders.
- Boards of the Shareable type where the connection account is a Board owner or is added as a member.
- Boards of the Private type where the connection account is a Board owner or a member.
- Available Boards can be backed up with any Board Permissions (‘Edit everything’, ‘Edit content’, ‘Edit rows assigned’, ‘View only’) as the Boards are only read, but not edited, during the backup.
For more information on which Monday.com entities are supported for the backup, please refer to the following article.
For Restore operations:
Currently, the same API token/the same connection account is used for the Restore operations to Monday.com in FluentPro Backup.
The account whose API token is used for the restore should have permissions for:
- creating new Workspaces and reading the existing ones,
- creating and updating Boards of different types,
- reading users and Teams,
- @mentioning and adding all users of the account to the Board Owners, Members, Item Subscribers, and Updates,
- uploading files to Monday.com.
If the restore is performed to an existing Monday.com Workspace, the connection account should be added as a Workspace Member or an Owner to be able to create new Boards in the Workspace.
An account with the Admin role is not required. API tokens of the following accounts can be used for the connection:
1. Admin account (not required).
2. Activated user account with the Member role.
Please refer to the How to create API token for Monday article for information on how the tokens are created.
Microsoft Planner/Planner (basic plans) account
For Backup operations:
The connection account for Backup operations from Planner/Planner (basic plans) should meet the following requirements:
- The account should have access to all necessary existing Microsoft 365 groups, Planner Plans, and users.
- The account should be added as a member to the public and private groups and Plans that need to be backed up (only these groups and Plans will be available to select for the backup).
The connection account for Restore operations to Planner/Planner (basic plans) should meet the following requirements:
- The account should have access to all necessary existing Microsoft 365 groups, Planner Plans, and users.
- If the backup is performed to existing Microsoft 365 groups, the account should be added as a member or an owner to those groups. The account should be a member and an owner of the existing target Private groups.
- The Planner account should have an Exchange Online license to be able to add task Comments (if the backed up Plan tasks have Comments to restore).
In order to connect to Microsoft Planner/Planner (basic plans) for the first time, tenant Global Administrator consent is required to allow FluentPro Backup to access your Microsoft 365 tenant.
Admin consent should be granted only once before adding the first Planner/Planner (basic plans) connection account. Once the consent is granted, any user account credentials without admin permissions can be used for connecting to Planner/Planner (basic plans).
Please refer to this article if you receive the 'Need admin approval' message when adding a Planner/Planner (basic plans) connection.
The FluentPro Backup application for Planner/Planner (basic plans) backups will be added to the Microsoft 365 tenant. For FluentPro Backup to back up and restore data using the Microsoft Graph API, the administrator must grant the app the correct permissions via a consent process.
The following Microsoft Graph API permissions are required:
For the backup:
- Group.Read.All
- User.ReadBasic.All
- Directory.Read.All
FluentPro Backup will have the following permissions for reading data from Microsoft Planner/Planner (basic plans):
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership
- Read data from existing Plans in Microsoft Planner
- Read sites of Microsoft 365 groups, linked to Planner Plans (required for file attachments migration).
For the Restore:
- Group.ReadWrite.All
- Directory.Read.All
- Sites.ReadWrite.All
- User.ReadBasic.All
FluentPro Backup will have the following permissions for data backup to Microsoft Planner/Planner (basic plans):
- Create new and update Microsoft 365 groups (Write permissions)
- Create new Plans in Microsoft Planner (Write permissions)
- Read and update sites of Microsoft 365 groups, linked to Planner Plans (Write permissions, required for attachments migration).
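The API permission lists above (for the Project for the web connection and for Planner backup and restore) can be used as a baseline when reviewing what the tenant has actually consented to. The following is an added example, not FluentPro code: it compares delegated grants in the shape of Microsoft Graph `oauth2PermissionGrant` objects against the documented scopes. The profile names, the `audit_grants` function, and the sample object ids are assumptions made for illustration.

```python
# Added example: audit delegated scopes granted to a backup app against the
# lists documented on this page. Input dicts follow the Microsoft Graph
# oauth2PermissionGrant shape (clientId, consentType, resourceId, scope).

# Documented scopes, copied from the page; profile names are hypothetical.
DOCUMENTED = {
    "project-web": {
        "Microsoft Graph": {"User.ReadBasic.All", "Group.ReadWrite.All",
                            "Directory.Read.All", "offline_access"},
        "Dataverse": {"user_impersonation"},
    },
    "planner-backup": {
        "Microsoft Graph": {"Group.Read.All", "User.ReadBasic.All",
                            "Directory.Read.All"},
    },
    "planner-restore": {
        "Microsoft Graph": {"Group.ReadWrite.All", "Directory.Read.All",
                            "Sites.ReadWrite.All", "User.ReadBasic.All"},
    },
}


def audit_grants(grants, client_id, resource_names, profile):
    """Compare scopes granted to client_id with the documented profile.

    resource_names maps a grant's resourceId to the API name used above.
    Returns {"extra": {...}, "missing": {...}, "write": [...]}.
    """
    granted = {}
    for g in grants:
        if g["clientId"] != client_id:
            continue  # grant belongs to another application
        api = resource_names.get(g["resourceId"], g["resourceId"])
        # 'scope' is space-separated; merge per-user and tenant-wide grants
        granted.setdefault(api, set()).update(g.get("scope", "").split())

    expected = DOCUMENTED[profile]
    extra, missing = {}, {}
    for api in set(granted) | set(expected):
        over = granted.get(api, set()) - expected.get(api, set())
        under = expected.get(api, set()) - granted.get(api, set())
        if over:
            extra[api] = sorted(over)
        if under:
            missing[api] = sorted(under)
    # Heuristic: scope names containing "ReadWrite" allow modification.
    write = sorted(s for scopes in granted.values() for s in scopes
                   if "ReadWrite" in s)
    return {"extra": extra, "missing": missing, "write": write}


# Constructed sample: placeholder object ids, not values from a real tenant.
SAMPLE_GRANTS = [
    {"clientId": "sp-backup-app", "consentType": "AllPrincipals",
     "resourceId": "sp-graph",
     "scope": "Group.ReadWrite.All User.ReadBasic.All Directory.Read.All"},
    {"clientId": "sp-other-app", "consentType": "Principal",
     "resourceId": "sp-graph", "scope": "Mail.Read"},
]
SAMPLE_RESOURCES = {"sp-graph": "Microsoft Graph"}
```

Run against the constructed sample with the `planner-backup` profile, the result lists `Group.ReadWrite.All` as a scope beyond the documented backup set, which is the kind of drift worth reviewing when the app is used for backup only.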
Asana account
An active Asana user account with the Admin or Member role can be used for the connection to the Asana environment. An account with the Admin role is not required.
For Backup operations:
Asana Workspaces/Teams and Projects will be available for backup depending on the connection account access level in Asana. The following Asana data will be read using the connection account:
- All Asana Teams where the connection account is added as a member, an admin or a guest (for organizations) and which it has access to.
- Asana users that are added as members or guests (Limited Access users) to the Workspaces/Teams where the connection account is a member, and users that are members of the Projects to which the connection account has access. In case an Organization is enabled in the environment, all Organization users will be read.
- All Public to Team or Public to Workspace Projects, where the Asana connection account is a Project member, an owner, or a member of the Project Workspace/Team.
- All Private Projects where the account is added as a Project member or an owner.
- All Archived Projects where the Asana account is a Project member, an owner, or a member of the Project Workspace/Team.
In order to connect to an Asana account for the first time, FluentPro Backup should be granted access to the account – the FluentPro Backup app should be authorized with Asana Consent.
FluentPro Backup will have the following permissions for reading data from Asana once the access is granted:
- Read the connection account name and email address
- Read all Teams and Workspaces that the account has access to, Team/Workspace members, Projects with Project details, Project members and owner, tasks with their details and custom fields.
- Read the name, email address and status of Asana users that are accessible by the account
The granted access to the Asana environment can be revoked anytime from the account My Settings -> Apps by deauthorizing the FluentPro Backup app in Asana.
For Restore operations:
Currently, the same account is used for restore operations to Asana in FluentPro Backup.
The account should have permissions to:
- Create Teams and update existing ones, add users to the Team members
- Create and update Projects of Public, Private, Archive types, add users to the Project Members and Followers
- Create and update tasks and task details, add attachments
- Create local (project) and global custom fields, and update the existing local custom fields. It should be an active paid account with the Admin or Member role to be able to create and update custom fields.
- The restore account should be a member of the existing Team to be able to add members to it
- The account should be a paid one to be able to create Private projects. Also, it should be a member or an owner of the existing Private projects if they have to be updated during the restore.
FluentPro Backup will have the following permissions for writing data to Asana once the access is granted:
- create and modify tasks, projects, and comments on behalf of the connection account.
Smartsheet account
Permission prerequisites that a Smartsheet account used for backup and restore operations should meet.
- The connection account is required to be a Licensed User in Smartsheet.
- The account should be a Group Admin to be able to restore Groups. The Groups can be backed up with the account that does not have the Group Admin role. However, the Group Admin is required for the Group restore.
Additionally, if the restore is to the existing Group where the account is not an Owner, it should have the System Admin role to be able to update it.
- The account should be a paid one to be able to back up Users.
- System Admin role in the tenant is not required. However, it is recommended if such User details as user roles/permissions should be backed up. If the account is not a System Admin, the Users will be backed up but without their roles.
To connect to a Smartsheet account, FluentPro Backup should be granted access to it – the FluentPro Backup app should be authorized after the login.
FluentPro Backup will have the following permissions in Smartsheet once the access is granted:
- View basic user info, including name and email
- Read sheets, including attachments and comments
- Update sheets, including attachments and comments
- Share sheets
- Create sheets
- Delete sheets
- Add and remove users and groups from your organization
- Modify sheet columns and settings
- Manage workspaces and folders
- View account users, groups, and group members
- Retrieve contacts
The granted access to the Smartsheet environment can be revoked anytime from the account Personal Settings -> Apps by clicking ‘Revoke’ for the FluentPro Backup app in Smartsheet.
Smartsheet Workspaces and Sheets will be available for the backup depending on the connection account access level in Smartsheet – its roles in the Workspaces and Sheets:
- Those Sheets will be available for the backup where the connection account is added to the Sheet Shares with any role (Owner, Admin, Editor, Commenter, Viewer), or to the Workspace Shares where the Sheet is located, with any role.
- Personal Sheets and Sheets shared to the user, even if their Workspace(s) is not shared, are available and backed up with the Sheets folder.
- Those Workspaces will be available for the backup where the connection account is added to the Workspace Shares with any role (Owner, Admin, Editor, Commenter, Viewer)
Additional Account Requirements for Restore
Currently, the same account is used for the restore operations to Smartsheet in FluentPro Backup.
- The restore account should be an Owner or an Admin in the existing Workspace to be able to update it, delete and create Sheets in it. If the account is not added to the Workspace Shares with any role, the Sheet will be created in the Sheets Folder.
- The restore account should be a Sheet Owner, or an Owner/Admin in the Sheet Workspace to be able to delete existing Sheets with the ‘Delete Sheet before restore’ Restore Mode.
- The restore account should be a Sheet Owner or an Admin to be able to update the Sheet settings, columns, and other data with the ‘Merge with existing sheet’ Restore Mode. The account with the Editor role will be able to update only Row data during the restore with merging to the existing Sheet.
Trello account
In this article, we will review permission prerequisites that an account used for backup and restore operations should meet.
As one account is currently used for both backup and restore operations, please review all the requirements to select a suitable connection account for all operations.
For Backup operations:
Any active Trello user account with the necessary access can be used for the connection to the Trello environment. An account with the Admin role is not required.
Trello Workspaces and Boards will be available for backup depending on the connection account access level in Trello. The following Trello data will be read using the connection account:
- All Trello Workspaces where the connection account is added as a Workspace Member or an Admin.
- Trello users that are Workspace Members in the Workspaces where the connection account is a Member or an Admin, and users that are members of the Boards to which the connection account has access.
- All Public, Workspace Visible, and Organization Boards, where the Trello connection account is a Board member (with Admin, Member, or Observer role) or a member/admin of the Board Workspace.
- All Private Boards where the account is added as a Board Member (with Admin, Member, or Observer role). All Workspace Private Boards may be available if the account is a Workspace Admin, and the admin access to Private Boards within the Workspace is allowed.
- All Closed Boards where the account is added as a Board Member.
In order to connect to a Trello account for the first time, FluentPro Backup should be granted access to the account via the app. The app access can be revoked anytime from the account settings in Trello.
FluentPro Backup will have the following permissions for reading data once the access is granted:
- Read the connection account name and username
- Read the account email address
- Read all Boards and Workspaces that the account has access to
- Read the account Workspace Power-Ups
- Read the account Enterprises
For Restore operations:
- Workspace restore: The connection account should be active, with the Admin role in the existing Workspace to be able to update the Workspace properties and add members to it.
- Board restore – merge to the existing Board: The account should be a Board Admin to be able to update the Board name, Settings, role/permission of the Board Members. The Board Member role is enough to add missing members, create and update Lists, Labels, Cards, attachments, and Card default and custom fields.
- Board restore – create a Board copy: The account should be an Admin or a Member in the Workspace where the Board copy will be created, and the Board creation should not be restricted for the account.
- Board restore – delete before restore: The account should be either a Workspace Admin, or a Board Admin (if it is a Member in the workspace) to be able to delete the original Board before restore. The Board deletion should not be restricted for the account.
FluentPro Backup will have the following permissions for reading and writing data once the access is granted:
- Create and update Boards and Workspaces, add members, create and update Board Lists, Cards, card fields, and attachments
- Make comments on behalf of the connection account
- Update and manage the account Enterprises