Connecting Tools, Authorization, and Permissions
  1. Help Center
  2. Using Unito
  3. Connecting Tools, Authorization, and Permissions

User Permissions Required by Unito

Understand the access Unito needs within your tool(s) to enable each integration to sync properly.

Which tools are covered in this article?

    Unito requires appropriate permissions within your connected tools in order to sync work items. While most apps or tools have a straightforward authorization process in Unito, some need special attention to ensure your flows sync smoothly.

    Here are these permissions, outlined for each tool.

    What are OAuth Scopes? Open Authorization (OAuth) allows Unito to securely access specific data within your tools. During integration setup, you'll grant OAuth scopes to define the level of access required for effective syncing.

    Regarding data security and privacy, rest assured Unito is SOC 2 Type 2 certified and all information is encrypted. 

    Trello permissions

    The user account selected in your flow must be a member of the Trello Board you want to sync:

    OAuth Scopes for Unito's Trello integration

    Trello oauth

    Jira permissions

    In order to sync your Jira projects, you'll need a mix of global and project-specific permissions, from login permissions to issue and comment permissions. You can find the full list of user permissions here

    Note that you need administrator permissions to connect your Jira account to Unito. Once the account is connected, you only need project-level admin permissions to create a flow.

    If you get stuck on setting up permissions schemes in Jira, you can find a guide here.

    OAuth Scopes for Unito's Jira integration

    Jira oauth

    GitHub permissions

    You need to both be a member of the organization that owns the repository you want to sync and a collaborator (which is different from a contributor). If your organization has enabled third-party application restrictions, you'll need to follow this step-by-step guide for approving third-party apps in GitHub.

    In addition, we need the repository permission that includes “repository webhooks for public and private repositories” to create webhooks. We do not require the admin:repo_hook permission. You can get more information about these permissions here.

    Most importantly, Unito will never ask for, or require access to, any code you have stored on GitHub.

    Note: We can't sync a repository if it was forked from another repository.

    OAuth Scopes for Unito's GitHub integration

    GitHub OAuth scopes

    GitLab permissions

    The GitLab account you use with Unito needs to be a member of the organization that owns the repository that you want to sync. You'll also need push — or read/write — access.

    We use webhooks to improve workflow performance. To create those webhooks, the GitLab account you use with Unito must have Maintainer or Owner-level permissions. That's because we need the Configure project hooks permission. Learn more about GitLab user permissions.

    Bitbucket permissions

    Just like GitLab and GitHub, your account needs to be part of the organization that owns the repositories you need to sync and you'll need push access. Beyond that, you'll also need the issue tracker enabled on the repository, which is disabled by default.

    Asana permissions

    Your account needs to be a full member of your organization, not a guest. Then, make sure the account is part of the Asana team that owns the project you want to sync.

    OAuth Scopes for Unito's Asana integration

    Asana oauth

    monday.com permissions

    No special permissions required!

    OAuth Scopes for Unito's monday.com integration

    Function Permissions Required
    Read your basic personal details me:read
    Read board data boards:read
    Modify board data boards:write
    Access data about your account's users users:read
    Read updates data updates:read
    Modify updates data updates:write
    Read teams data teams:read
    Access information about your account account:read

    ClickUp permissions

    Just connect your account and you're ready to go.

    Basecamp permissions

    Being a member of the Basecamp workspace that needs syncing should be enough. No special permissions required!

    Wrike permissions

    Make sure the project or folder is shared with the account you're using for your workflows. Also, because all projects and folders in Wrike are private by default, the ones you want to sync need to be shared with the account used to sync them.

    Zendesk permissions

    Confirm that your Zendesk account has admin privileges. We need this in order to search for certain endpoints and create webhooks.

    OAuth Scopes for Unito's Zendesk integration

     
    'crm.objects.contacts.read',
    'crm.objects.contacts.write',
    'crm.schemas.contacts.read',
    'crm.objects.deals.read',
    'crm.objects.deals.write',
    'crm.schemas.deals.read',
    'crm.objects.companies.read',
    'crm.objects.companies.write',
    'crm.schemas.companies.read',
    'crm.objects.owners.read',
    'crm.objects.line_items.write',
    'crm.objects.line_items.read',
    'tickets',

     

    Zendesk oauth

    HubSpot permissions

    Only a HubSpot Super Admin can connect your account to Unito and create flows to sync tasks, tickets or deals.

    OAuth scopes for Unito's HubSpot integration

    OAuth Scope Definition

    crm.settings.properties.write 

    Enables Unito to edit the settings of properties in your HubSpot CRM. This includes changing the name, description, group name, field type, options for dropdown fields, and other settings related to properties.
    crm.objects.contacts.read Allows Unito to read or retrieve contact information from your HubSpot CRM.
    crm.objects.contacts.write Enables Unito to create, update, or delete contact information in your HubSpot CRM.
    crm.schemas.contacts.read Gives Unito permission to read the structure or schema of your contact data in HubSpot. This includes information about what fields are available for contacts and their data types.
    crm.objects.deals.read Allows Unito to read or retrieve deal information from your HubSpot CRM.
    crm.objects.deals.write Enables Unito to create, update, or delete deal information in your HubSpot CRM.
    crm.schemas.deals.read Gives Unito permission to read the structure or schema of your deal data in HubSpot. This includes information about what fields are available for deals and their data types.
    crm.objects.companies.read Allows Unito to read or retrieve company information from your HubSpot CRM.
    crm.objects.companies.write Enables Unito to create, update, or delete company information in your HubSpot CRM.
    crm.schemas.companies.read Gives Unito permission to read the structure or schema of your company data in HubSpot. This includes information about what fields are available for companies and their data types.
    crm.objects.owners.read Allows Unito to read or retrieve owner information from your HubSpot CRM.
    crm.objects.line_items.write Enables Unito to create, update, or delete line item information in your HubSpot CRM. Line items typically represent individual products or services in a deal.
    crm.objects.line_items.read Allows Unito to read or retrieve line item information from your HubSpot CRM.
    tickets Gives Unito permission to read, write, and delete tickets in your HubSpot Service Hub. Tickets represent customer service issues or tasks.
    Contacts Provides access to Contact, Companies, Deals, Properties, Engagements, and Owners endpoints.

    Salesforce permissions

    Salesforce's granular permissions model means users must have edit rights on a field to include it in a Unito flow. Additionally, your Salesforce plan must support API access.

    Custom Fields in Salesforce: Unito can only access custom fields that are available to the specific user connecting the integration.

    ServiceNow permissions

    Users require full access to read, write, create, and delete permissions on the specific tables you want Unito to sync in ServiceNow.

    You'll also need at least read access to the sys_journal_field table in order to sync work notes.

    Who Typically Holds These Permissions?

    • System Administrators ('admin' role): Admins have wide-ranging control over ServiceNow instances, including managing tables and their permissions.
    • Users with Tailored Roles: ServiceNow allows role creation and customization. It's possible to specifically grant the necessary 'read, write, create, delete' permissions to a role for tables targeted by Unito syncs.

    How to Verify and Manage Permissions

    This process might require the assistance of a ServiceNow administrator:

    1. Table Access Control Lists (ACLs): Each table in ServiceNow has ACLs specifying the actions (read, write, etc.) allowed for different roles.
    2. Roles: Check roles assigned to the user intending to use Unito. Ensure the role has the needed ACLs on relevant tables.

    Smartsheet permissions

    Add your Smartsheet account to Unito and you'll be ready to sync your Sheets. No additional permissions needed.

    Required OAuth Scopes for Unito's Smartsheet integration 


    SCOPE This scope gives Unito permission to:
    CREATE_SHEETS Create new sheets in your Smartsheet account.
    ADMIN_WEBHOOKS Create, delete, and update webhooks, get information on all webhooks, and reset shared secrets. Webhooks are used to notify Unito when there are changes in your Smartsheet data.
    READ_CONTACTS Read or retrieve contact information from your Smartsheet account.
    READ_SHEETS Read all sheet data, including attachments, discussions, and cell data. This is necessary for Unito to sync this data.
    READ_USERS Retrieve user and group information from your Smartsheet organization account.
    WRITE_SHEETS Insert and modify sheet data, including attachments, discussions, and cell data. This is necessary for Unito to make updates to your Smartsheet data based on changes in other synced tools.
    DELETE_SHEETS Delete sheets in your Smartsheet account.

    Slack permissions

    Add your Slack account to Unito and you'll be ready to sync your conversations. No additional permissions needed.

    OAuth Scopes for Unito's Slack integration

    SCOPE This scope gives Unito permission to:  
    channels:history View messages and other content in public channels that your Slack app has been added to.  
    channels:join Join public channels in a workspace  
    channels:manage Manage public channels that your Slack app has been added to and create new ones.  
    channels:read View basic information about public channels in a workspace  
    chat:write Manage a user's public channels and create new ones on a user's behalf  
    users:read View people in a workspace  
    users:read.email View email addresses of people in a workspace  

    Google Sheets permissions

    During the authorization process, you'll need to give Unito access to your Google account so your flow can see and edit your sheets.

    OAuth scopes for Unito's Google Sheets integration

    SCOPE Type of Data This scope gives Unito permission to:
    Read & Write  Metadata Access to the user's file metadata, excluding downloadUrl and thumbnail.
    Sheets Allows read/write access to the user's sheets and their properties.
    Read Email address View your email address.
    Profile See your personal info, including any personal info you've made publicly available

    Notion permissions

    During the authorization process, you'll need to select the pages or databases you want to give Unito access to — along with its children.

    OAuth scopes for Unito's Notion integration

    SCOPE Type of Data This scope gives Unito permission to:
    Read & Write Pages (view and edit) View and edit pages you select in the next step. You can also share pages later with Unito via the Share menu.
    Pages (create new) Add new pages/databases inside pages it has access to.
    Read Email address View all workspace members and guests and their email addresses.

    Intercom permissions

    To use Unito, make sure your Intercom account has "Can install, configure and delete apps" access turned on. You can find this under the Apps and integrations section of your user permissions.

    Teamwork permissions

    In order to properly sync tasks, Unito users need to be a Client User in Teamwork and not just a Collaborator.

    Beyond that, Unito only needs special permissions if you want to create Teamwork projects directly from Unito. To do this, you must have administrator permissions in Teamwork or permission to add projects. If you don't have these permissions, reach out to someone who has administrator permissions.

    Microsoft Excel permissions

    Unito needs Read & Write permissions to sync rows from an Excel spreadsheet.

    Microsoft Outlook permissions

    To successfully sync Outlook calendar events or contacts using Unito, you'll need:

    • An active Microsoft 365 license: This is required to access and use the Outlook features within your Microsoft 365 suite.
    • Global Administrator role: This role is necessary for permissions that affect a broad range of users or require organization-wide access, such as User.Read.All and Contacts.ReadWrite.
    • Exchange Administrator role: This role grants specific permissions related to email and calendar access, including Mail.Read, Calendars.ReadWrite, and MailboxSettings.Read.

    If you encounter any difficulties syncing events or contacts, double-check that these permissions are correctly assigned to the user account connected to Unito.

    Unito needs Read and Write permissions to sync Outlook events. You'll also need an account with admin permissions to use Unito's Outlook integration.

    Facebook Ads Manager permissions

    Unito requires the 'read_ads' permission to access and sync your ad campaign data.

    Roles with "read_ads" Permission by Default:

    • Advertiser: A role specifically focused on being able to view ad performance and reporting.
    • Analyst: Has broad access to view advertising insights.
    • Admin: Has full control of the Ads Manager account, including all ad-related permissions.

    Who Might Not Have It

    • Editor: This role primarily focuses on creating and editing ads, potentially lacking the specific "read_ads" permission to view in-depth insights.

    How to Check and Assign the "read_ads" Permission

    1. Business Settings: Navigate to your Facebook Business Settings.
    2. Accounts > Ad Accounts: Select the relevant ad account.
    3. People: Here you can view existing users and their assigned roles.
    4. Add People: Grant the "read_ads" permission when adding new users, or edit the permissions of existing users.

    MySQL permissions

    Here's the breakdown of MySQL permissions needed, along with who typically has them: 

    • INSERT, SELECT, UPDATE, DELETE on each table to be synced: These are the core permissions allowing Unito to create, read, modify, and remove data within your MySQL tables.
    • SELECT on the information_schema schema: This schema holds metadata about your database structure, essential for Unito to understand what to sync.

    Who Has These Permissions?

    • Database Administrators (DBAs): DBAs typically have full control over a MySQL database, including schema management and granting permissions.
    • Users with Custom Privileges: It's possible to specifically grant these required permissions to individual users based on their synchronization needs.

    How to Check and Grant MySQL Permissions

    The process usually involves using SQL commands:

    1. SHOW GRANTS: Use SHOW GRANTS FOR 'user'@'host'; (replace 'user' and 'host' appropriately) to see existing permissions.
    2. GRANT: Use GRANT INSERT, SELECT, UPDATE, DELETE ON database.table TO 'user'@'host'; to assign table-level permissions.
    3. Schema-Level GRANT: Grant SELECT permissions on the information_schema: GRANT SELECT ON information_schema.* TO 'user'@'host';

    Important Considerations

    • Principle of Least Privilege: Grant only the necessary permissions to minimize potential security risks.
    • Data Sensitivity: If dealing with highly sensitive data, involve your DBA to ensure proper authorization and security best practices.

    Official MySQL Documentation

    For in-depth instructions and syntax examples, refer to the official MySQL documentation on user account management.