Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Details on Sharepoint Connector permissions

Georg Fankhauser
Georg Fankhauser
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 17, 2025

Hi all,

we want to extend the knowledge of our rovo and the rovo of our clients to sharepoint and teams.

We've had some discussion with it- and it-security-departments and have some questions, which we need to find additional answers to.

Basically you need to set up an Entra App Registration with "extensive" rights - so with the app registration, basically all data can and will be extracted from the sources, for syncing to and indexing in Rovo:

  • Directory.Read.All
  • Files.Read.All
  • Group.Read.All
  • GroupMember.Read.All
  • User.Read.All
  • Reports.Read.All
  • Sites.Read.All
  • AuditLogsQuery-SharePoint.Read.All

There is - on this end - no consideration or filtering of data to the scope of the availability of the individual user.

So if I understand that right, then ROVO is building up an additional index with the full data of sharepoint, teams, outlook in the atlassian sphere (teams graph?).

Then the query out of rovo is not directed to the sharepoint, but to the index in the atlassian sphere, and then rovo takes care of the permissions and visibility.

Do you know if there is any available material, in how this permission topic is handled for the microsoft world connected apps (teams, sharepoint, outlook)? How does ROVO transfer permission, security groups etc. then for rovo?

In the atlassian docs i can only find: "the permissions in third party app are respected" - but  that's not sufficient for some it departments. The fear is, that they cannot directly set the permissions in the entra/microsoft sphere but have to rely on a proper handling on rovo/atlassian end - and teams / outlook data contain personal / protected information.

What do you tell, hand over to your it departments?

Thanks a lot for your support

--

Here is an excerpt of what I found:

Connect SharePoint to Rovo | Atlassian Support
How Rovo connector permissions are kept in sync | Atlassian Support

"This means restricted data in your connected third-party apps (for example, a private file or folder in Google Drive) can only be seen and used in Rovo by those users who already have access to that content in such third-party apps."

"Rovo relies on and respects the permissions that are set in your third-party apps. Content that isn’t restricted may appear for all users in search results, or can be used by Agents or Chat."

Answer
Watch
Like # people like this
60 views

0 answers

Suggest an answer

Log in or Sign up to answer
Rovo Atlassian Intelligence
Rovo
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security