This guide provides a detailed breakdown of how Microsoft 365 (SharePoint Online and OneDrive for Business) permission roles are mapped to Google Workspace permissions during a migration. Because SharePoint offers a different permission model to Google Drive, CloudM Migrate uses a "Best Fit" logic to ensure data security and accessibility are maintained.
Tip: For a successful transition, ensure that your Address Replacements are configured so that these mapped permissions are applied to the correct user identities in the destination.
Google Workspace — My Drive and Individual Files
The table below displays how permissions are mapped when moving data into a user's My Drive or for individual file-level permissions.
| Microsoft 365 Permission | Google Permission | Notes |
|---|---|---|
| Full Control | Editor | Google Drive reserves Owner for the file creator. Full Control is mapped to the highest non-owner role. |
| Edit | Editor | Direct functional match. |
| Contribute | Editor | Contribute and Edit have the same functional outcome in Google Drive. |
| Design | Viewer | Design is a SharePoint-specific role for list and page layout editing. No equivalent write role in Google Drive. |
| Read | Viewer | Direct mapping. |
| Viewer | Viewer | Direct mapping. |
| Limited Access | Not migrated | Internal SharePoint role used for site navigation and rendering. Not a content permission. |
Google Workspace — Shared Drive (Folder Level)
The mapping used when providing permissions at the root level of Shared Drives or Shared Drive folders. Shared Drives offer additional roles that provide a closer match to SharePoint's permission granularity.
| Microsoft 365 Permission | Google Permission | Notes |
|---|---|---|
| Full Control | Manager | Full administrative control including member management. |
| Edit | Content Manager | Can add, edit, move, and delete files. Cannot manage drive membership. |
| Design | Content Manager | Design involves structural editing. Content Manager is the closest equivalent. |
| Contribute | Contributor | Can add and edit files but cannot move or delete other users' files. |
| Read | Viewer | View and download access only. |
| Viewer | Viewer | View and download access only. |
| Limited Access | Not migrated | Internal SharePoint role. Always filtered out. |
SharePoint Permission Groups
SharePoint groups are resolved to their underlying role definitions and then mapped using the tables above.
| SharePoint Group | Underlying Role |
|---|---|
| Sitename Owners | Full Control |
| Sitename Members | Edit |
| Sitename Visitors | Read |