In this article, you will find reference tables that summarize the permissions and authorizations you need to perform different migrations in ShareGate Migrate.
For more details on each permission, see Microsoft administrative permissions. For more information on Microsoft 365 roles, see the Microsoft documentation, About admin roles.
Note: Permissions granted through Azure PIM might not work or could cause unauthorized errors during an operation.
Index
Microsoft 365 and SharePoint on-premises
The following information is applicable to the source and destination.
Microsoft 365 | SharePoint on-premises | |
Global admin | Grant consent to the Azure ShareGate migration tool application.
Connect to your admin center to migrate multiple site collections.
Migrate teams and Microsoft 365 groups.
Use Copy mailboxes. | N/A |
Farm admin | N/A | Connect to your central admin to migrate multiple site collections. |
SharePoint admin | Connect to your admin center to migrate multiple site collections.
Migrate teams and Microsoft 365 groups once a global admin has consented to the Azure ShareGate migration tool application. | N/A |
Site collection admin* | Perform migrations.
Use Insane mode.
| Perform migrations.
Note: You must also be site owner in SharePoint 2003. |
Teams admin | Also needed to migrate teams with a SharePoint admin account (if you are a global admin, this is not required). | N/A |
Term store admin | Migrate content with managed metadata.
| Migrate content with managed metadata.
|
Manage user alerts permissions | Copy user alerts. | Copy user alerts (you will need to install the server extension). |
Read-only lock | Must be removed from your site collection(s). See Read-only lock for more information. | Must be removed from your site collection(s). See Read-only lock for more information. |
*Site collection admin permissions are required even if you have a higher permission level like SharePoint admin. For more information, see Administrative permissions.
Note: Though you might be able to perform very simple content migrations with Full control permissions, it is not supported as it can cause unexpected errors.
File share
The following information is applicable to the source. See the table above for permissions related to the destination.
File share | |
Default Read NTFS permission or higher | Required so the app can read the file share items. |
Network drive mapping | Map your network drives so they can be accessed in the app. |
Google Drive
The following information is applicable to the source. See the table above for permissions related to the destination.
Google Drive | |
Google Drive Administrator | Required to add ShareGate Migrate to the Google Workplace allowlist. |
The Google Apps domain permission is required to connect with ShareGate Migrate Administrator mode. | |
Useful when you want to migrate multiple users in your domain without connecting to each one of those accounts manually. | |
View users on your domain (read-only) | Needed for Administrator mode. We need to list all of your domain's users to display them in the Explorer, so you can create user mappings. |
View groups on your domain (read-only) | Needed for Administrator mode. We need to list your groups so you can create group mappings. |
View domains related to your customers (read-only) | Needed for Administrator mode. We need to know what domains are associated with your Google Apps account to check if you are allowed to create credentials for users that have a different domain in their email addresses. |
Box.com
The following information is applicable to the source. See the table above for permissions related to the destination.
Box.com | |
Administrator credentials | Needed to authorize ShareGate Migrate to connect to your Box enterprise account. |