Permission Scope
When you connect SharePoint to trumpet, the following Microsoft Graph and SharePoint permissions are requested — all are delegated (meaning they act on behalf of the signed-in user, never beyond what that user can already access):
Permission | What it allows |
| Read files the connected user has access to |
| List SharePoint sites and their metadata |
| Read the signed-in user's basic profile (to authenticate the connection) |
| Maintain the connection without requiring re-authentication on every request |
| Read items across site collections (SharePoint-specific) |
| Read the user's personal OneDrive/SharePoint files |
| Access only selected site collections (when site-scoping is enabled) |
All permissions are read-only. Trumpet cannot create, edit, or delete any files or sites in your SharePoint environment.
What data is read
Trumpet reads the following from SharePoint in real time when a user browses the integration:
Site metadata — site name and URL (to let users navigate to the right site)
Document library (drive) metadata — library name, type, description, and last-modified date
File metadata — file name, type, size, thumbnail previews, created/modified dates, and the author's display name
File content — only when a user explicitly selects a file and clicks "Migrate to My Library", the file is downloaded once and uploaded into Trumpet's content library
Trumpet does not crawl or index your SharePoint environment in the background. Data is fetched on demand only when a user actively navigates the integration.
What data is stored
Connection credentials — an OAuth token is stored securely to maintain the integration. It is never exposed in API responses.
Integration settings — if your admin scopes the integration to specific SharePoint sites, those site IDs and URLs are stored so Trumpet only shows the approved sites.
Migrated files — when a user explicitly migrates a file into Trumpet's content library, a copy of that file is stored in Trumpet (uploaded to S3). The original file in SharePoint is not modified.
Trumpet does not store file listings, search results, thumbnails, or any other SharePoint metadata beyond the above. That data is fetched live from Microsoft's API each time a user opens the integration.
Privacy considerations
User-scoped access — because all permissions are delegated, Trumpet can only see what the authenticated user can see. If a user doesn't have access to a site or file in SharePoint, they won't see it in Trumpet either.
Admin site-scoping — admins can restrict the integration to specific SharePoint sites, so only approved content is browsable.
No background syncing — there are no scheduled jobs or background processes reading from your SharePoint. All data access is initiated by an explicit user action.
Read-only — Trumpet has no write permissions to your SharePoint environment. It cannot modify, delete, or share your files.
Token security — the OAuth access token is stored server-side and is stripped from any API responses returned to the client.