In this article, we will review connection account requirements for the Project for the web -> Project for the web migration scenario.
Project for the web source account
The connection account for migration from Project for the web (source) should meet the following requirements:
1. The account should be a member/a user of the tenant and the Power Platform Environment where Project for the web is deployed.
2. The account should have any of the following licenses assigned:
- Project Plan P1.
- Project Plan P3 (previously called Project Online Professional).
- Project Plan P5 (previously called Project Online Premium).
Any of the following licenses is enough for read-only access to the source Project for the web data:
- Microsoft 365 F3 and Office 365 F3
- Office 365 E1
- Microsoft 365 for business
- Microsoft E3 and Office 365 E3
- Microsoft E5 and Office 365 E5
- Microsoft Power Automate
The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a security role in the Environment that allows reading all or personal Project for the web data (e.g. System Administrator, Basic User).
Create a Read-Write user account
By default, all licensed users are created with an access mode of Read-Write. This access mode provides full access rights to the user based on the security privileges that are assigned.
How to update the access mode of a user
- In the Power Platform Admin center https://admin.powerplatform.microsoft.com, select an environment and go to Settings > Users + permissions > Users.
- Select a user's full name.
- In the user form, scroll down under Administration to the Client Access License (CAL) Information section. In the Access Mode list, select Read-Write.
- Select the Save icon.
How to manage User Roles
- In the Power Platform Admin center https://admin.powerplatform.microsoft.com, select an environment, and go to Settings > Users + permissions > Users.
- Select a user's full name.
- Select MANAGE ROLES, select a role you would like to apply (System Administrator, Service Writer, or a custom role with Read, Create and Write permissions enabled).
- Click OK.
The account should be a member of all projects in Project for the web (their Microsoft 365 groups) that need to be migrated. In case there are projects without associated groups, the account should be their creator to be able to migrate them.
Project for the web target account
The connection account for migration to Project for the web (target) should meet the following requirements:
1. The account should be a member/a user of the tenant and the Power Platform Environment where the Project for the web is deployed.
2. The account should have any of the following licenses assigned:
- Project Plan P1
- Project Plan P3 (previously called Project Online Professional)
- Project Plan P5 (previously called Project Online Premium)
The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a Security Role in the Environment that allows reading and writing data to the Project for the web (e.g. System Administrator or Service Writer default security roles, or custom roles with Read, Create and Write permissions enabled).
In case the migration is performed to the existing Microsoft 365 groups and projects, the migration account should be added as a member or an owner.
To connect to Project for the web for the first time, Microsoft 365 tenant Global Administrator consent is required to allow Project Migrator to access your Microsoft 365 tenant.
Admin consent should be granted only once before adding the first Project for the web connection account. Once the consent is granted, any user account credentials that meet the requirements can be used for connecting to the Project for the web environment.
Project Migrator application for the Project for the web connection will be added to the Microsoft 365 tenant.
The following API permissions are required:
For the source Project for the web account:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.Read.All
- Microsoft Grap: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
Project Migrator will have the following permissions for reading data from the Project for the web:
- Read data in the organization's directory, such as users, groups, all users' basic profiles.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership.
- Read data from existing Projects that the connection account has access to in Project for the web.
- Maintain access to data you have given it access to.
- Access Common Data Service as organization users.
For the target Project for the web account:
- Microsoft Graph: User.ReadBasic.All
- Microsoft Graph: Group.ReadWrite.All
- Microsoft Grap: Directory.Read.All
- Microsoft Graph: offline_access
- Dataverse (Common Data Service): user_impersonation
Project Migrator will have the following permissions for reading and writing data to Project for the web environment:
- Read data in the organization's directory, such as users, groups, all users' basic profiles, users' primary email addresses on behalf of the signed-in user.
- Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership on behalf of the signed-in user.
- Create groups, read, and update the group properties and memberships on behalf of the signed-in user. It allows group owners to manage their groups and allows group members to update group content.
- Read and update data in the existing Projects that the connection account has access to in Project for the web, create new Projects, Resources, and Dynamics 365 Teams.
- Maintain access to data you have given it access to.
- Access Common Data Service (CDS) as organization users.