Permissions required for the Box connector

Overview

When you connect Incydr to Box, you grant a number of permissions to Incydr in your Box environment. This article lists the permissions Incydr requires as well as what those permissions allow Incydr to do in your Box environment.

Box permissions

Incydr collects file events from Box. A file event is any activity observed for a file, such as creating, modifying, sharing, renaming, moving, or deleting a file. To see this file activity, Incydr requires access to your Box environment.

Incydr requires the following:

• The following Box scopes:
  • Read all files and folders stored in Box (root_readonly): Required to request additional file metadata, stream a file for hashing, and to determine a file’s category when analyzing file activity.
  • Read and write all files and folders stored in Box (root_readwrite): Required to grant temporary access to view a file and to view and manage sharing.
  • Manage groups (manage_groups): Required to identify in-scope users and group membership.
  • Manage enterprise properties (manage_enterprise_properties): Required to verify a customer’s Box account information during authorization.
  • Manage users (manage_app_users and manage_managed_users): Required for preventative controls to disable sharing for a user.
  • Generate user access tokens: Required to create API tokens for the Box connector.
• Integrations enabled.
• Permissions for co-admins to Manage groups and Run new reports and access existing reports.

External resources

Box documentation

• Scopes
• Web App Integration
• Using reports

Related topics

• Connect Incydr to Box
• Configure Box for the Incydr data connection
• Vendor license requirements for Incydr data connections