# Required permissions #### Configuring the required permissions in GitHub ensures that Xopero ONE can securely access repositories, metadata, and organization settings necessary to perform consistent and complete backups. *** ## Account integration To install the **Xopero ONE** application, you must use an account with sufficient privileges, typically an administrator account. Additionally, the application requires the following permissions to function correctly: * [x] Full control of projects. * [x] Read team discussions. * [x] Read organization and team membership, read organization projects. * [x] Read all user profile data. * [x] Full control of private repositories. * [x] Access user email addresses (read-only). * [x] Update **GitHub Action** workflows. Below you can find examples of different types of permissions along with their explanations.

TYPE	LEVEL	PERMISSION
Owner	default	Full backup and restore.
	admin	Full backup and restore.
	write	Full backup and restore.
	read	Full backup. Restore only to your own account.
Member	admin	Full backup. Restore only to your own account.
	maintain	Full backup. Restore only to your own account.
	write	Full backup. Restore only to your own account.
	triage	Backup (excluding collaborators). Restore only to your own account.
Collaborator (external in the organization)	read	Backup (excluding collaborators). Restore only to your own account.
Collaborator (outside the organization)	default	Backup (excluding collaborators). Restore only to your own account.

*** ## Personal Access Token (PAT) integration The minimum authorization permissions required for the token to register the **Xopero ONE** application and perform repository backup and restore are: **repo** and **workflow**.

{% hint style="danger" %} With minimal privileges, certain metadata may not be included in the backup process. Select the necessary permissions based on the specific data you need to protect. {% endhint %} You can generate a personal access token in the **Developer settings** > **Personal access tokens** menu in **GitHub**. When creating a PAT, you can assign it different types of permissions — the list below outlines the permissions required to back up specific repository metadata within your organization: 1. **admin:org** — allows you to read the organization's projects. 2. **project** — allows you to read the projects from which the repository comes. 3. **read:discussion** — allows you to read team discussions. 4. **read:public\_key** — grants access to keys. 5. **read:repo\_hook** — grants access to webhooks. 6. **repo** — grants access to repositories. {% hint style="warning" %} If you grant only **read** permissions, you will be able to perform a backup, but restoring data will require generating a new token with **write** permissions. {% endhint %} *** ## Useful links and items {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://helpcenter.xopero.com/xopero-one-en/backup-and-recovery/devops/github/integration/required-permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.