FluentPro Help Center

What do you need help with?

Connection Account Requirements

In this article, we will review permission prerequisites that an account used for migrations should meet.


Planner account

The connection account for migration from Planner (source account) should meet the following requirements:

  • The account should have access to all necessary existing Microsoft 365 groups, Planner Plans, and users.
  • The account should be added as a member to the public and private groups and Plans that need to be migrated (only these groups and Plans will be available to select for the migration).

The connection account for migration to Planner (target account) should meet the following requirements:

  • The account should have access to all necessary existing Microsoft 365 groups, Planner Plans, and users.
  • If the migration is performed to existing Microsoft 365 groups and Plans, the account should be added as a member or an owner to those groups. The account should be a member and an owner of the existing target Private groups.
  • The target Planner migration account should have an Exchange Online license to be able to add task Comments (if the source Plan tasks have Comments to migrate).  

To connect to Microsoft Planner for the first time, tenant Global Administrator consent is required to allow Project Migrator to access your Microsoft 365 tenant.

Admin consent should be granted only once before adding the first Planner connection account. Once the consent is granted, any user account credentials without admin permissions can be used for connecting to Planner.

Project Migrator application for Planner migrations will be added to the Microsoft 365 tenant. For Project Migrator to transfer data using Microsoft Graph API, the administrator must grant the app the correct permissions via a consent process.

The following Microsoft Graph API permissions are required:

For the source Planner migration account:

  • Group.Read.All 
  • User.ReadBasic.All 
  • Directory.Read.All

 Project Migrator will have the following permissions for reading data from Microsoft Planner:

  • Read data from existing Microsoft 365 groups such as basic information, email addresses, membership
  • Read data from existing Plans in Microsoft Planner
  • Read sites of Microsoft 365 groups, linked to Planner Plans (required for file attachments migration).

For the target Planner migration account:

  • Group.ReadWrite.All 
  • Directory.Read.All    
  • Sites.ReadWrite.All
  • User.ReadBasic.All

 Project Migrator will have the following permissions for data migration to Microsoft Planner:

  • Read permissions as required for the source migration account
  • Create new Microsoft 365 groups (Write permissions)
  • Create new and update existing Plans in Microsoft Planner (Write permissions)
  • Read and update sites of Microsoft 365 groups, linked to Planner Plans (Write permissions, required for attachments migration).


Monday.com account:

As a Personal API token is used for the connection to the Monday.com environment, Boards will be available for migration depending on the account permissions in Monday.com.

The following Monday.com data will be read using either the personal API Token of an Admin account or the API token of a Member user account:

  • All Monday.com Workspaces are read even if the connection account is not an owner or member of the Workspaces.
  • All Boards of Main (Public) type from all Workspaces and Folders.
  • Boards of Sharable type where the connection account is an owner or is added as a member.
  • Boards of Private type where the connection account is an owner or a member.
  • Available Boards can be migrated with any Board Permissions (‘Edit everything’, ‘Edit content’, ‘Edit rows assigned’, ‘View only’) as the Boards are only read, but not edited, during the migration. 

For more information on which Monday.com entities are supported for the migration to Microsoft Planner, please refer to the following article.

Account with the Admin role is not required. API tokens of the following accounts can be used for the connection:

1. Admin account (not required).

2. Activated user account with Member role.

Please refer to the How to create API token for Monday article for information on how the tokens are created. 


Trello account

Any active Trello user account can be used for the connection to the Trello environment as the source system. Account with the Admin role is not required. 

Trello Workspaces and Boards will be available for migration depending on the connection account access level in Trello. The following Trello data will be read using the connection account:

  • All Trello Workspaces where the connection account is added as a Workspace Member.
  • Trello users that are Workspace Members in the Workspaces where the connection account is a Workspace Member, and users that are members of the Boards to which the connection account has access.
  • All Public, Workspace Visible, and Organization Boards, where the Trello connection account is a Board member or a member of the Board Workspace. 
  • All Private Boards where the account is added as a Board Member. All Workspace Private Boards may be available if the account is a Workspace Admin, and the admin access to Private Boards within the Workspace is allowed.
  • All Closed Boards where the account is added as a Board Member.

To connect to a Trello account for the first time, Project Migrator should be granted access to the account. The access is requested for 30 days and will expire in 30 days. The access can be revoked anytime from the account settings in Trello, or by removing the account in Project Migrator.

Project Migrator will have the following read permissions for reading data from Trello once the access is granted:

  • Read the connection account name and username
  • Read all Boards and Workspaces that the account has access to
  • Read the account email address
  • Read the account Workspaces' Power-Ups
  • Read the account Enterprises

Project Migrator will not have any write/update permissions in the source Trello environment. 


Project for the web account

The connection account for migration from Project for the web (source) should meet the following requirements:

1. The account should be a member/a user of the tenant and the Power Platform Environment where Project for the web is deployed.

2. The account should have any of the following licenses assigned:

  • Project Plan P1.
  • Project Plan P3 (previously called Project Online Professional).
  • Project Plan P5 (previously called Project Online Premium).

Any of the following licenses is enough for read-only access to the source Project for the web data: 

  • Microsoft 365 F3 and Office 365 F3
  • Office 365 E1
  • Microsoft 365 for business
  • Microsoft E3 and Office 365 E3
  • Microsoft E5 and Office 365 E5
  • Microsoft Power Automate 

The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a security role in the Environment that allows reading all or personal Project for the web data (e.g. System Administrator, Basic User).

Create a Read-Write user account

By default, all licensed users are created with an access mode of Read-Write. This access mode provides full access rights to the user based on the security privileges that are assigned.

How to update the access mode of a user

  1. In the Power Platform Admin center https://admin.powerplatform.microsoft.com, select an environment and go to Settings > Users + permissions > Users.
  2. Select a user's full name.
  3. In the user form, scroll down under Administration to the Client Access License (CAL) Information section. In the Access Mode list, select Read-Write.
  4. Select the Save icon.
         

How to manage User Roles

  1. In the Power Platform Admin center https://admin.powerplatform.microsoft.com, select an environment, and go to Settings > Users + permissions > Users.
  2. Select a user's full name.
  3. Select MANAGE ROLES, select a role you would like to apply (System Administrator, Service Writer, or a custom role with Read, Create and Write permissions enabled).
  4. Click OK.


The account should be a member of all projects in Project for the web (their Microsoft 365 groups) that need to be migrated. In case there are projects without associated groups, the account should be their creator to be able to migrate them.

The connection account for migration to Project for the web (target) should meet the following requirements:

1. The account should be a member/a user of the tenant and the Power Platform Environment where the Project for the web is deployed.

2. The account should have any of the following licenses assigned:

  • Project Plan P1
  • Project Plan P3 (previously called Project Online Professional)
  • Project Plan P5 (previously called Project Online Premium)

The account should have Read-Write or Non-interactive Access Mode to the Power Platform Environment enabled. Also, the account should have a Security Role in the Environment that allows reading and writing data to the Project for the web (e.g. System Administrator or Service Writer default security roles, or custom roles with Read, Create and Write permissions enabled).

In case the migration is performed to the existing Microsoft 365 groups and projects, the migration account should be added as a member or an owner.

To connect to Project for the web for the first time, Microsoft 365 tenant Global Administrator consent is required to allow Project Migrator to access your Microsoft 365 tenant.

Admin consent should be granted only once before adding the first Project for the web connection account. Once the consent is granted, any user account credentials that meet the requirements can be used for connecting to the Project for the web environment.

Project Migrator application for the Project for the web connection will be added to the Microsoft 365 tenant.

The following API permissions are required:

For the source Project for the web account: 

  • Microsoft Graph:  User.ReadBasic.All
  • Microsoft Graph:  Group.Read.All
  • Microsoft Grap:  Directory.Read.All
  • Microsoft Graph:  offline_access
  • Dataverse (Common Data Service): user_impersonation

Project Migrator will have the following permissions for reading data from the Project for the web:

  • Read data in the organization's directory, such as users, groups, all users' basic profiles.
  • Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership.
  • Read data from existing Projects that the connection account has access to in Project for the web.
  • Maintain access to data you have given it access to.
  • Access Common Data Service as organization users.

For the target Project for the web account: 

  • Microsoft Graph:  User.ReadBasic.All
  • Microsoft Graph:  Group.ReadWrite.All
  • Microsoft Grap:  Directory.Read.All
  • Microsoft Graph:  offline_access
  • Dataverse (Common Data Service):   user_impersonation

Project Migrator will have the following permissions for reading and writing data to the Project for the web environment:

  • Read data in the organization's directory, such as users, groups, all users' basic profiles, users' primary email addresses on behalf of the signed-in user.
  • Read data from existing Microsoft 365 groups such as basic information, email addresses, membership, ownership on behalf of the signed-in user.
  • Create groups, read, and update the group properties and memberships on behalf of the signed-in user. It allows group owners to manage their groups and allows group members to update group content.
  • Read and update data in the existing Projects that the connection account has access to in Project for the web, create new Projects, Resources, and Dynamics 365 Teams.
  • Maintain access to data you have given it access to.
  • Access Common Data Service (CDS) as organization users.


Project Online account

The connection account for migration from Project Online (source) should meet the following requirements:

1. The account should be a user of the tenant and the Project Web App site used for the connection. The account should be Active in the PWA.

2. The account should have any of the following licenses assigned:

  • Project Plan 3
  • Project Plan 5
  • Project Online Essentials

3. The account used to register the Project Migrator app and grant permission for the connection with the OAuth authentication type should have at least a Cloud Application Administrator permission (as the app is registered on the tenant level). 

The Cloud Application Administrator permission or a Site Collection Administrator permission is not required for the Basic authentication.

4. If the account is a Site Collection Administrator, all PWA projects and related data will be available for migration.

Administrator permissions are recommended but not required for the migration account. 

If the account is not a Site Collection Administrator: 

The connection account should be added to a Security Group (for the Project Permission Mode) or to a SharePoint permission group (for the SharePoint Permission Mode) that allows logging in to the PWA, reading projects, and project schedules (project team members, tasks, and their field values), resources and users, project and task custom fields, calendars.

The account or its security group should be granted permission to the Security Category that includes all necessary projects and resources and allows ‘Open Project’ permission.

Minimum required PWA permissions

Admin permissions:

  • Manage Enterprise Calendars (required for reading and mapping source calendars)
  • Manage Enterprise Custom Fields (recommended)

General permissions:

  • Log On 
  • Access Project Server Reporting Service
  • View Resource Center (required for reading all project level fields)
    Category Project permissions:
  • Open Project

For the Project Permission Mode, the account should be added to any of the following default Security Groups with the allowed abovementioned permissions (if the account is not a Site Collection Administrator): 

  • Administrators (the account will be able to access all PWA projects) 
  • Portfolio Managers group (the account will be able to access all PWA projects)
  • Portfolio Viewers group (the account will be able to access all PWA projects)
  • Project Managers group (the account will be able to access only the projects where it is a project owner or a project team member).

Suitable default Security Categories (with the allowed ‘Open Project’ permission):

  • My Organization (the account will be able to access all the projects);
  • My Projects (the account will be able to access only the projects allowed by that category, e.g. the projects where it is an owner or a project member).

For the SharePoint Permission Mode, the account should be added to any of the following default SharePoint permission groups (if the account is not a Site Collection Administrator): 

  • Administrators for Project Web App (the account will be able to access all PWA projects)
  • Portfolio Managers for Project Web App (the account will be able to access all PWA projects)

Project Migrator SharePoint app will have the following permissions in the PWA once trusted: 

  • read items in the site collection.
  • read items on the PWA site.
  • access basic information about the users of the PWA site.
  • have administrative access to the PWA site collection.
  • have read access to data in all projects.
  • have read access to enterprise resources.
  • read reporting data from all projects.


Asana account

Source Account

Any active Asana user account can be used for the connection to the Asana environment as the source system. An account with the Admin role is not required. 

Asana Workspaces/Teams and Projects will be available for migration depending on the connection account access level in Asana. The following Asana data will be read using the connection account:

  • All Asana Workspaces, Organization(s), and Teams where the connection account is added as a member, an admin or a guest (for organizations) and which it has access to.
  • Asana users that are added as members or guests (Limited Access users) to the Workspaces/Teams where the connection account is a member, and users that are members of the Projects to which the connection account has access. In case an Organization is enabled in the environment, all Organization users will be read.
  • All Public to Team or Public to Workspace Projects, where the Asana connection account is a Project member (with ‘Edit’ or ‘Comment’ access), an owner, or a member of the Project Workspace/Team. 
  • All Private Projects where the account is added as a Project member (with ‘Edit’ or ‘Comment’ access) or an owner. 
  • All Archived Projects where the Asana account is a Project member, an owner, or a member of the Project Workspace/Team.

To connect to an Asana account for the first time, Project Migrator should be granted access to the account. 

Project Migrator will have the following permissions for reading data from Asana once the access is granted:

  • Read the connection account name and email address
  • Read all Teams and Workspaces, Projects, and tasks that the account has access to
  • Read the name and email address of Asana users that are accessible by the account

The permission to create and modify tasks, projects, and comments on behalf of the connection account is requested for the app, however, the write/update access is not used by Project Migrator.

The granted access to the Asana environment can be revoked anytime from the account settings: Apps by deauthorizing the Project Migrator app in Asana.

Target account

Connection to Organization

Account should be:

  • An active organization account of Admin or Member type.
  • A member of the Team if migration is performed to the existing Team.
  • A member of a project with edit permission if migration is performed to the existing project.

Connection to Workspace

Account should be:

  • An active workspace account of Admin (Billing Owner) or Member type.
  • A member of a project with edit permission if migration is performed to the existing project.

To connect to an Asana account for the first time, Project Migrator should be granted access to the account.

Project Migrator will have the following permissions for reading data from Asana once the access is granted:

  • Access your name and email address.
  • Access your tasks, projects, and workspaces.
  • Create and modify tasks, projects, and comments on your behalf.

The granted access to the Asana environment can be revoked anytime from the account settings: Apps by deauthorizing the Project Migrator app in Asana.

Asana users that are added as members or guests (Limited Access users) to the Workspaces where the connection account is a member, and users that are members of the Projects to which the connection account has access will be read. In case an Organization is enabled in the environment, all Organization users will be read.


Smartsheet account

The connection account is required to be an active user in Smartsheet.

System Admin role in the tenant is not required.

To connect to a Smartsheet account, Project Migrator should be granted access to it – the Project Migrator app should be authorized after the login.

Project Migrator will have the following permissions in Smartsheet once the access is granted:

  • View basic user info, including name and email
  • Read sheets, including attachments and comments
  • View account users, groups, and group members
  • Retrieve contacts

The granted access to the Smartsheet environment can be revoked anytime from the account Personal Settings -> Apps by clicking ‘Revoke’ for the Project Migrator app in Smartsheet.

Smartsheet Sheets will be available for the migration depending on the connection account access level in Smartsheet – its roles in the Workspaces and Sheets. Those Sheets will be available for the migration where the connection account is added to the Sheet Shares with any role (Owner, Admin, Editor, Commenter, Viewer), or to the Workspace Shares where the Sheet is located, with any role.


Was this article helpful?

Table of contents

    Back To Top