In this article, we will review connection account requirements for the MS Planner -> Project for the web migration scenario.
Planner account
The connection account for migration from Planner (source account) should meet the following requirements:
- The account should have access to all necessary existing Microsoft 365 groups, Planner Plans, and users.
- The account should be added as a member to the public and private groups and Plans that need to be migrated (only these groups and Plans will be available to select for the migration).
To connect to Microsoft Planner for the first time, tenant Global Administrator consent is required to allow Project Migrator to access your Microsoft 365 tenant.
Admin consent should be granted only once before adding the first Planner connection account. Once the consent is granted, any user account credentials without admin permissions can be used for connecting to Planner.
Project Migrator application for Planner migrations will be added to the Microsoft 365 tenant. For Project Migrator to transfer data using Microsoft Graph API, the administrator must grant the app the correct permissions via a consent process.
The following Microsoft Graph API permissions are required:
For the source Planner migration account:
- Group.Read.All
- User.ReadBasic.All
- Directory.Read.All
Project Migrator will have the following permissions for reading data from Microsoft Planner:
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership
- Read data from existing Plans in Microsoft Planner
- Read sites of Microsoft 365 groups, linked to Planner Plans (required for file attachments migration).
Project for the web account
The connection account for migration to Project for the web (target) should meet the following requirements:
1. The account should be a member/a user of the tenant and the Power Platform Environment where Project for the web is deployed.
2. The account should have any of the following licenses assigned:
- Project Plan P1
- Project Plan P3 (previously called Project Online Professional)
- Project Plan P5 (previously called Project Online Premium)
The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a Security Role in the Environment that allows reading and writing data to the Project for the web (e.g. System Administrator or Service Writer default security roles, or custom roles with Read, Create and Write permissions enabled).
In case the migration is performed to the existing Microsoft 365 groups and projects, the migration account should be added as a member or an owner.
To connect to Project for the web for the first time, Microsoft 365 tenant Global Administrator consent is required to allow Project Migrator to access your Microsoft 365 tenant.
Admin consent should be granted only once before adding the first Project for the web connection account. Once the consent is granted, any user account credentials that meet the requirements can be used for connecting to the Project for the web environment.
Project Migrator application for the Project for the web connection will be added to the Microsoft 365 tenant.
The following API permissions are required:
For the source Project for the web account:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.Read.All
- Microsoft Grap: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
Project Migrator will have the following permissions for reading data from Project for the web:
- Read data in the organization's directory, such as users, groups, all users' basic profiles.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership.
- Read data from existing Projects that the connection account has access to in Project for the web.
- Maintain access to data you have given it access to.
- Access Common Data Service as organization users.
For the target Project for the web account:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.ReadWrite.All
- Microsoft Grap: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
Project Migrator will have the following permissions for reading and writing data to Project for the web environment:
- Read data in the organization's directory, such as users, groups, all users' basic profiles, users' primary email addresses on behalf of the signed-in user.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership on behalf of the signed-in user.
- Create groups, read, and update the group properties and memberships on behalf of the signed-in user. It allows group owners to manage their groups and allows group members to update group content.
- Read and update data in the existing Projects that the connection account has access to in Project for the web, create new Projects, Resources, and Dynamics 365 Teams.
- Maintain access to data you have given it access to.
- Access Common Data Service (CDS) as organization users.