In this article, we will review permission prerequisites that an account used for backup should meet.
For Backup operations:
The connection account for Project for the web/Planner (premium plans) backup should meet the following requirements:
1. The account should be a member/a user of the tenant and the Power Platform Environment where Project for the web/Planner (premium plans) is deployed.
2. The account should have any of the following licenses assigned:
- Project Plan P1.
- Project Plan P3 (previously called Project Online Professional).
- Project Plan P5 (previously called Project Online Premium).
Any of the following licenses is enough for read-only access to Project for the web/Planner (premium plans) data:
- Microsoft 365 F3 and Office 365 F3
- Office 365 E1
- Microsoft 365 for business
- Microsoft E3 and Office 365 E3
- Microsoft E5 and Office 365 E5
- Microsoft Power Automate
The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a security role in the Environment that allows reading all or personal Project for the web/Planner (premium plans) data (e.g. System Administrator, Basic User) The account should be a member of all projects in Project for the web/Planner (premium plans) (their Microsoft 365 groups) that need to be backed up. In case there are projects without associated groups, the account should be their creator to be able to back up them.
For Restore operations:
1. The account should be a member/a user of the tenant and the Power Platform Environment where Project for the web/Planner (premium plans) is deployed.
2. The account should have any of the following licenses assigned:
- Project Plan P1
- Project Plan P3 (previously called Project Online Professional)
- Project Plan P5 (previously called Project Online Premium)
3. The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled.
Also, the account should have a Security Role in the Environment that allows reading and writing data to Project for the web (e.g. System Administrator or Service Writer default security roles, or custom roles with Read, Create and Write permissions enabled).
In case the restore is performed to the existing Microsoft 365 groups, the connection account should be added as a member or an owner to them.
To connect to Project for the web/Planner (premium plans) for the first time, Microsoft 365 tenant Global Administrator consent is required to allow FluentPro Backup to access your Microsoft 365 tenant.
Admin consent should be granted only once before adding the first Project for the web/Planner (premium plans) connection account. Once consent is granted, any user account credentials that meet the requirements can be used to connect to your Project for the web/Planner (premium plans) environment.
Please refer to this article if you receive the 'Need admin approval' message while adding a Project for the web/Planner (premium plans) connection.
FluentPro Backup application for Project for the web/Planner (premium plans) connection will be added to the Microsoft 365 tenant.
The following API permissions will be granted:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.ReadWrite.All
- Microsoft Grap: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
FluentPro Backup will have the following permissions for reading (backup) and writing (restore) Project for the Web/Planner (premium plans) data:
- Read data in the organization's directory, such as users, groups, all users' basic profiles, users' primary email addresses on behalf of the signed-in user.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership on behalf of the signed-in user.
- Create groups, read, and update the group properties and memberships on behalf of the signed-in user. It allows group owners to manage their groups and allows group members to update group content.
- Read and update data in the existing Projects that the connection account has access to in Project for the web, create new Projects, Resources, and Dynamics 365 Teams.
- Maintain access to data you have given it access to.
- Access Common Data Service (CDS) as organization users.