What Permissions Fluix requests when connecting to OneDrive/SharePoint?

Integrations

Last Updated: Jun 22, 2026

3 min read

When connecting OneDrive or SharePoint as a storage integration in Fluix, Microsoft will prompt you to grant Fluix a set of permissions. These permissions allow Fluix to access and manage your files on your behalf.

Delegated permissions are used when a signed-in user is present. This means Fluix acts on behalf of the user who authorized the connection, and the app can only do what that user is allowed to do. These permissions can be granted by the user themselves or by an administrator, depending on the permission level.

Application permissions are used for background operations that run without an active signed-in user. These permissions require administrator consent and allow Fluix to continue working with your storage even when no user session is active.

Below is a breakdown of each permission Fluix requests and why it is needed.

Delegated Permissions (User Account – authorization code flow)

  • Files.ReadWrite.All — Allows Fluix to read, create, update, and delete files you have access to in OneDrive. This is required for Fluix to work with the OneDrive API on your behalf.
  • Sites.ReadWrite.All — Allows Fluix to edit and delete documents and list items across SharePoint site collections on your behalf. This is required for Fluix to work with the SharePoint API.
  • offline_access — Allows Fluix to access and update your data even when you are not actively using the app. This ensures the integration continues to function in the background without requiring you to re-authenticate each time. This permission does not grant any additional access beyond what has already been authorized.

Application Permissions (App-Only – client credentials flow)

  • Files.ReadWrite.All — Allows Fluix to read, create, update, and delete files across all site collections without a signed-in user. This is required for background operations within the OneDrive integration.
  • Sites.ReadWrite.All — Allows Fluix to create, read, update, and delete documents and list items across all SharePoint site collections without a signed-in user. This is required for background operations within the SharePoint integration.
  • Organization.Read.All — Allows Fluix to read your organization’s information, such as the tenant name, without a signed-in user. This is used so that once your tenant is recognized, it can be selected when setting up a new storage connection without requiring you to grant access to Fluix again.

Note: Application permissions can only be granted by a Microsoft administrator. If you are not an admin, please contact your IT team to complete the authorization.

In case you have any questions or difficulties with setup, contact our support at support@fluix.io, and we’ll be happy to help you.

Was this article helpful?
Thanks for your feedback!
Oops, something went wrong. Please, try again later.
Thank you!
What details or examples would have made this article more helpful for you? We appreciate your insights!
Sign Up to Our Product Newsletter

The latest updates from our Product team, straight to your inbox