Connecting Tools, Authorization, and Permissions
      Back to home
      1. Help Center
      2. Using Unito
      3. Connecting Tools, Authorization, and Permissions

      User Permissions Required by Unito

      Understand the access Unito needs within your tool(s) to enable each integration to sync properly.

      Which tools are covered in this article?

        Unito requires appropriate permissions within your connected tools in order to sync work items. While most apps or tools have a straightforward authorization process in Unito, some need special attention to ensure your flows sync smoothly.

        Here are these permissions, outlined for each tool.

        What are OAuth Scopes? Open Authorization (OAuth) allows Unito to securely access specific data within your tools. During integration setup, you'll grant OAuth scopes to define the level of access required for effective syncing.

        Regarding data security and privacy, rest assured Unito is SOC 2 Type 2 certified and all information is encrypted. 

        Trello permissions

        The user account selected in your flow must be a member of the Trello Board you want to sync:

        OAuth Scopes for Unito's Trello integration

        Trello oauth

        Jira permissions

        In order to sync your Jira projects, you'll need a mix of global and project-specific permissions, from login permissions to issue and comment permissions. You can find the full list of user permissions here

        Note that you need administrator permissions to connect your Jira account to Unito. Once the account is connected, you only need project-level admin permissions to create a flow.

        If you get stuck on setting up permissions schemes in Jira, you can find a guide here.

        OAuth Scopes for Unito's Jira integration

        Jira oauth

        GitHub permissions

        You need to both be a member of the organization that owns the repository you want to sync and a collaborator (which is different from a contributor). If your organization has enabled third-party application restrictions, you'll need to follow this step-by-step guide for approving third-party apps in GitHub.

        In addition, we need the repository permission that includes “repository webhooks for public and private repositories” to create webhooks. We do not require the admin:repo_hook permission. You can get more information about these permissions here.

        Most importantly, Unito will never ask for, or require access to, any code you have stored on GitHub.

        Note: We can't sync a repository if it was forked from another repository.

        OAuth Scopes for Unito's GitHub integration

        GitHub OAuth scopes

        GitLab permissions

        The GitLab account you use with Unito needs to be a member of the organization that owns the repository that you want to sync. You'll also need push — or read/write — access.

        We use webhooks to improve workflow performance. To create those webhooks, the GitLab account you use with Unito must have Maintainer or Owner-level permissions. That's because we need the Configure project hooks permission. You can learn more about GitLab's user permissions here.

        Bitbucket permissions

        Just like GitLab and GitHub, your account needs to be part of the organization that owns the repositories you need to sync and you'll need push access. Beyond that, you'll also need the issue tracker enabled on the repository, which is disabled by default.

        Asana permissions

        Your account needs to be a full member of your organization, not a guest. Then, make sure the account is part of the Asana team that owns the project you want to sync.

        OAuth Scopes for Unito's Asana integration

        Asana oauth

        monday.com permissions

        No special permissions required!

        OAuth Scopes for Unito's monday.com integration

        Function Permissions Required
        Read your basic personal details me:read
        Read board data boards:read
        Modify board data boards:write
        Access data about your account's users users:read
        Read updates data updates:read
        Modify updates data updates:write
        Read teams data teams:read
        Access information about your account account:read

        ClickUp permissions

        Just connect your account and you're ready to go.

        Basecamp permissions

        Being a member of the Basecamp workspace that needs syncing should be enough. No special permissions required!

        Wrike permissions

        Make sure the project or folder is shared with the account you're using for your workflows. Also, because all projects and folders in Wrike are private by default, the ones you want to sync need to be shared with the account used to sync them.

        Zendesk permissions

        Confirm that your Zendesk account has admin privileges. We need this in order to search for certain endpoints and create webhooks.

        OAuth Scopes for Unito's Zendesk integration

         
        'crm.objects.contacts.read',
        'crm.objects.contacts.write',
        'crm.schemas.contacts.read',
        'crm.objects.deals.read',
        'crm.objects.deals.write',
        'crm.schemas.deals.read',
        'crm.objects.companies.read',
        'crm.objects.companies.write',
        'crm.schemas.companies.read',
        'crm.objects.owners.read',
        'crm.objects.line_items.write',
        'crm.objects.line_items.read',
        'tickets',

         

        Zendesk oauth

        HubSpot permissions

        Only a HubSpot Super Admin can connect your account to Unito and create flows to sync tasks, tickets or deals.

        OAuth scopes for Unito's HubSpot integration

        OAuth Scope Definition

        crm.settings.properties.write 

        		 Enables Unito to edit the settings of properties in your HubSpot CRM. This includes changing the name, description, group name, field type, options for dropdown fields, and other settings related to properties.
        crm.objects.contacts.read Allows Unito to read or retrieve contact information from your HubSpot CRM.
        crm.objects.contacts.write Enables Unito to create, update, or delete contact information in your HubSpot CRM.
        crm.schemas.contacts.read Gives Unito permission to read the structure or schema of your contact data in HubSpot. This includes information about what fields are available for contacts and their data types.
        crm.objects.deals.read Allows Unito to read or retrieve deal information from your HubSpot CRM.
        crm.objects.deals.write Enables Unito to create, update, or delete deal information in your HubSpot CRM.
        crm.schemas.deals.read Gives Unito permission to read the structure or schema of your deal data in HubSpot. This includes information about what fields are available for deals and their data types.
        crm.objects.companies.read Allows Unito to read or retrieve company information from your HubSpot CRM.
        crm.objects.companies.write Enables Unito to create, update, or delete company information in your HubSpot CRM.
        crm.schemas.companies.read Gives Unito permission to read the structure or schema of your company data in HubSpot. This includes information about what fields are available for companies and their data types.
        crm.objects.owners.read Allows Unito to read or retrieve owner information from your HubSpot CRM.
        crm.objects.line_items.write Enables Unito to create, update, or delete line item information in your HubSpot CRM. Line items typically represent individual products or services in a deal.
        crm.objects.line_items.read Allows Unito to read or retrieve line item information from your HubSpot CRM.
        tickets Gives Unito permission to read, write, and delete tickets in your HubSpot Service Hub. Tickets represent customer service issues or tasks.
        Contacts Provides access to Contact, Companies, Deals, Properties, Engagements, and Owners endpoints.

        Salesforce permissions

        Salesforce's granular permissions model means users must have edit rights on a field to include it in a Unito flow. Additionally, your Salesforce plan must support API access.

        Custom Fields in Salesforce: Unito can only access custom fields that are available to the specific user connecting the integration.

        ServiceNow permissions

        Users require full access to read, write, create, and delete permissions on the specific tables you want Unito to sync in ServiceNow. 

        Who Typically Holds These Permissions?

        • System Administrators ('admin' role): Admins have wide-ranging control over ServiceNow instances, including managing tables and their permissions.
        • Users with Tailored Roles: ServiceNow allows role creation and customization. It's possible to specifically grant the necessary 'read, write, create, delete' permissions to a role for tables targeted by Unito syncs.

        How to Verify and Manage Permissions

        This process might require the assistance of a ServiceNow administrator:

        1. Table Access Control Lists (ACLs): Each table in ServiceNow has ACLs specifying the actions (read, write, etc.) allowed for different roles.
        2. Roles: Check roles assigned to the user intending to use Unito. Ensure the role has the needed ACLs on relevant tables.

        Smartsheet permissions

        Add your Smartsheet account to Unito and you'll be ready to sync your Sheets. No additional permissions needed.

        Required OAuth Scopes for Unito's Smartsheet integration 


        SCOPE This scope gives Unito permission to:
        CREATE_SHEETS Create new sheets in your Smartsheet account.
        ADMIN_WEBHOOKS Create, delete, and update webhooks, get information on all webhooks, and reset shared secrets. Webhooks are used to notify Unito when there are changes in your Smartsheet data.
        READ_CONTACTS Read or retrieve contact information from your Smartsheet account.
        READ_SHEETS Read all sheet data, including attachments, discussions, and cell data. This is necessary for Unito to sync this data.
        READ_USERS Retrieve user and group information from your Smartsheet organization account.
        WRITE_SHEETS Insert and modify sheet data, including attachments, discussions, and cell data. This is necessary for Unito to make updates to your Smartsheet data based on changes in other synced tools.
        DELETE_SHEETS Delete sheets in your Smartsheet account.

        Slack permissions

        Add your Slack account to Unito and you'll be ready to sync your conversations. No additional permissions needed.

        OAuth Scopes for Unito's Slack integration

        SCOPE This scope gives Unito permission to:  
        channels:history View messages and other content in public channels that your Slack app has been added to.  
        channels:join Join public channels in a workspace  
        channels:manage Manage public channels that your Slack app has been added to and create new ones.  
        channels:read View basic information about public channels in a workspace  
        chat:write Manage a user's public channels and create new ones on a user's behalf  
        users:read View people in a workspace  
        users:read.email View email addresses of people in a workspace  

        Google Sheets permissions

        During the authorization process, you'll need to give Unito access to your Google account so your flow can see and edit your sheets.

        OAuth scopes for Unito's Google Sheets integration

        SCOPE Type of Data This scope gives Unito permission to:
        Read & Write  Metadata Access to the user's file metadata, excluding downloadUrl and thumbnail.
        Sheets Allows read/write access to the user's sheets and their properties.
        Read Email address View your email address.
        Profile See your personal info, including any personal info you've made publicly available

        Notion permissions

        During the authorization process, you'll need to select the pages or databases you want to give Unito access to — along with its children.

        OAuth scopes for Unito's Notion integration

        SCOPE Type of Data This scope gives Unito permission to:
        Read & Write Pages (view and edit) View and edit pages you select in the next step. You can also share pages later with Unito via the Share menu.
        Pages (create new) Add new pages/databases inside pages it has access to.
        Read Email address View all workspace members and guests and their email addresses.

        Intercom permissions

        To use Unito, make sure your Intercom account has "Can install, configure and delete apps" access turned on. You can find this under the Apps and integrations section of your user permissions.

        Teamwork permissions

        In order to properly sync tasks, Unito users need to be a Client User in Teamwork and not just a Collaborator.

        Beyond that, Unito only needs special permissions if you want to create Teamwork projects directly from Unito. To do this, you must have administrator permissions in Teamwork or permission to add projects. If you don't have these permissions, reach out to someone who has administrator permissions.

        Excel permissions

        Unito needs Read & Write permissions to sync rows from an Excel spreadsheet.

        Outlook permissions

        Unito needs Read and Write permissions to sync Outlook events. You'll also need an account with admin permissions to use Unito's Outlook integration.

        Facebook Ads Manager permissions

        Unito requires the 'read_ads' permission to access and sync your ad campaign data.

        Roles with "read_ads" Permission by Default:

        • Advertiser: A role specifically focused on being able to view ad performance and reporting.
        • Analyst: Has broad access to view advertising insights.
        • Admin: Has full control of the Ads Manager account, including all ad-related permissions.

        Who Might Not Have It

        • Editor: This role primarily focuses on creating and editing ads, potentially lacking the specific "read_ads" permission to view in-depth insights.

        How to Check and Assign the "read_ads" Permission

        1. Business Settings: Navigate to your Facebook Business Settings.
        2. Accounts > Ad Accounts: Select the relevant ad account.
        3. People: Here you can view existing users and their assigned roles.
        4. Add People: Grant the "read_ads" permission when adding new users, or edit the permissions of existing users.

        MySQL permissions

        Here's the breakdown of MySQL permissions needed, along with who typically has them: 

        • INSERT, SELECT, UPDATE, DELETE on each table to be synced: These are the core permissions allowing Unito to create, read, modify, and remove data within your MySQL tables.
        • SELECT on the information_schema schema: This schema holds metadata about your database structure, essential for Unito to understand what to sync.

        Who Has These Permissions?

        • Database Administrators (DBAs): DBAs typically have full control over a MySQL database, including schema management and granting permissions.
        • Users with Custom Privileges: It's possible to specifically grant these required permissions to individual users based on their synchronization needs.

        How to Check and Grant MySQL Permissions

        The process usually involves using SQL commands:

        1. SHOW GRANTS: Use SHOW GRANTS FOR 'user'@'host'; (replace 'user' and 'host' appropriately) to see existing permissions.
        2. GRANT: Use GRANT INSERT, SELECT, UPDATE, DELETE ON database.table TO 'user'@'host'; to assign table-level permissions.
        3. Schema-Level GRANT: Grant SELECT permissions on the information_schema: GRANT SELECT ON information_schema.* TO 'user'@'host';

        Important Considerations

        • Principle of Least Privilege: Grant only the necessary permissions to minimize potential security risks.
        • Data Sensitivity: If dealing with highly sensitive data, involve your DBA to ensure proper authorization and security best practices.

        Official MySQL Documentation

        For in-depth instructions and syntax examples, refer to the official MySQL documentation on user account management.