Essential SharePoint Permissions for Seamless SyncEzy Integration

SharePoint Permissions

Overview

This document outlines the essential SharePoint site permissions required for SyncEzy integration, along with the reasons for requesting these permissions. It also provides guidance on verifying, assigning permissions, and addressing common queries related to the integration.

Please note: While you can check user permissions using the guidelines below, the recommended approach is to create a dedicated service user credential. This best practice, outlined in this article, only takes a few minutes and enhances security.

SharePoint Permissions and Reasons

| Scope/Permission | Description | Reason for Request |
| --- | --- | --- |
| Full Control (Site Owners) | Grants full control over the SharePoint site, including managing security, web parts, and navigation. | Required to enable full administrative control for integration setup, including configuring the SyncEzy connection and managing sync settings. |
| Edit Permissions (Site Members) | Allows users to add, edit, delete, and share content in SharePoint, including documents, pages, and events. | Necessary for syncing content changes made by team members in SharePoint/Teams Channels back to connected systems such as Procore. This permission ensures that end-user changes trigger and propagate correctly through the integration. |
| Read-Only Access (Site Visitors) | Provides view and download permissions without editing rights. | Not typically required for syncing but can be used for users who need access to verify data syncs without modifying content. |





Steps to Check and Grant Permissions

Check User Permissions

  1. Navigate to the SharePoint site.
  2. Click the Members button on the site homepage.
  3. Review the list of Owners and Members to verify the user’s role and access level.






Grant Permissions to Users

  1. Log in as a Site Owner or Administrator.
  2. Click on the Cog icon (Settings) > Site permissions > Advanced permission settings.
  3. Select the appropriate Group (Owners, Members, or Visitors) based on the user’s role.
  4. Click New > Add Users, then enter the email addresses of the users to be added.
  5. Click Share to save changes.



Technical Considerations for SyncEzy Integration

  • Permissions such as Full Control or Edit are required to enable SyncEzy to mirror user actions between SharePoint and integrated platforms like Procore.
  • After permissions are granted, it may take up to 24 hours for the site to appear in the SyncEzy configuration dropdown due to SharePoint API indexing.


FAQs
What permissions are requested from SharePoint?

You will come across this screen while authenticating the SyncEzy SharePoint integration. The reasons for each of these permissions are given below.




| Permission (Display Text) | Microsoft Graph / SharePoint Permission Name | Type | What This Allows |
| --- | --- | --- | --- |
| Sign in and read user profile | User.Read | Delegated | Allows the app to identify the signed-in user and read basic profile info (name, email). Required for authentication only. |
| Create, edit, and delete items and lists in all site collections | Sites.FullControl.All | Application | Grants the integration the ability to create folders, upload documents, rename files, and delete synced files/folders within the designated document library. Required for syncing files to/from SharePoint. |
| Read items in all site collections | Sites.Read.All | Application | Allows the app to read items and metadata in SharePoint sites. Used to detect all sites to allow sync config to be set up. |
| Read user files | Files.Read | Delegated | Allows reading files in the signed-in user's OneDrive / document libraries. Used only when operating in a user-context scenario. |
| Read all files that user can access | Files.Read.All | Delegated | Allows the integration to read any SharePoint / OneDrive files the user themselves has access to. Ensures sync does not break due to per-folder security. |
| Have full access to user files | Files.ReadWrite | Delegated | Allows editing and updating files the user has access to. Enables two-way syncing of modified files. |
| Have full access to all files user can access | Files.ReadWrite.All | Application | Allows the integration to upload, update, and restructure content where the user has permissions. Required for reliable project folder syncing. |
| Maintain access to data you have given it access to | offline_access | Delegated | Allows the integration to maintain authentication without forcing re-login. Ensures uninterrupted automatic syncing in the background. |

Important Context
  1. These permissions are required for two-way sync in SharePoint/OneDrive automated sync integrations.
  2. The integration does not access anything outside the configured project libraries that are connected in the Sync configuration.
  3. Access is limited by your SharePoint sharing/security model: the integration cannot see or modify what the service account itself cannot see. The recommended best practice is to create a new service account user and give it access only to the SharePoint sites that need to be synced.
  4. The one-time step ensures that SyncEzy can access the SharePoint site to configure project integrations and facilitate seamless sync functionality.
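
A check a tenant administrator could run after granting consent, added here as an example (it is not SyncEzy's or Microsoft's code): it compares the permissions actually granted, in the shape of Microsoft Graph's oauth2PermissionGrant and appRoleAssignment objects, against the table above. The function names are hypothetical, and the sample export, its ids and the extra Mail.Read grant are constructed.

```python
# Permission names and types exactly as listed in this article's table.
DOCUMENTED = {
    ("User.Read", "Delegated"), ("Sites.FullControl.All", "Application"),
    ("Sites.Read.All", "Application"), ("Files.Read", "Delegated"),
    ("Files.Read.All", "Delegated"), ("Files.ReadWrite", "Delegated"),
    ("Files.ReadWrite.All", "Application"), ("offline_access", "Delegated"),
}

def granted_permissions(delegated_grants, role_assignments, resource_app_roles):
    """Flatten Graph-shaped grant objects into a set of (name, type) pairs."""
    granted = set()
    for grant in delegated_grants:  # oauth2PermissionGrant: space-separated scopes
        granted.update((s, "Delegated") for s in grant.get("scope", "").split())
    names = {role["id"]: role["value"] for role in resource_app_roles}
    for assignment in role_assignments:  # appRoleAssignment: role referenced by id
        role_id = assignment["appRoleId"]
        granted.add((names.get(role_id, role_id), "Application"))
    return granted

def audit(delegated_grants, role_assignments, resource_app_roles):
    """Report grants beyond the documented list and documented ones not granted."""
    granted = granted_permissions(delegated_grants, role_assignments,
                                  resource_app_roles)
    return {
        "unexpected": sorted(granted - DOCUMENTED),
        "not_granted": sorted(DOCUMENTED - granted),
        # Delegated consent given for every user rather than one service account.
        "all_user_consent": any(g.get("consentType") == "AllPrincipals"
                                for g in delegated_grants),
    }

# Constructed sample export (ids are placeholders, not real tenant values).
SAMPLE_APP_ROLES = [
    {"id": "role-0001", "value": "Sites.FullControl.All"},
    {"id": "role-0002", "value": "Sites.Read.All"},
    {"id": "role-0003", "value": "Files.ReadWrite.All"},
    {"id": "role-0004", "value": "Mail.Read"},
]
SAMPLE_DELEGATED = [{
    "consentType": "Principal",
    "scope": "User.Read Files.Read Files.Read.All Files.ReadWrite offline_access",
}]
SAMPLE_ASSIGNMENTS = [{"appRoleId": r} for r in
                      ("role-0001", "role-0002", "role-0003", "role-0004")]

if __name__ == "__main__":
    print(audit(SAMPLE_DELEGATED, SAMPLE_ASSIGNMENTS, SAMPLE_APP_ROLES))
```

Any entry under "unexpected" is a grant the table does not account for and is worth reviewing before the integration goes live.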

How Secure Is the Integration?

  • SyncEzy does not have visibility into your SharePoint or Procore accounts. It only mirrors end-user actions triggered on either side of the integration.
  • Delete limits can be enforced by an Admin.
  • For SharePoint integrations, SyncEzy doesn't store any of the actual files on SyncEzy servers; only metadata is saved to SyncEzy servers.
  • For any concerns, contact the SyncEzy Tech Specialist team via the 24/5 support icon.