This article outlines why DocumentsCorePack need Application Permissions.
If you’re creating a service and you have to choose the connection profile, there are several options.
If you use the Server2Server-connection, you need to activate the following:
1.) Access to common data service
This means, that we can read the CRM data in your name
(so we can ensure, that user specific settings are applied to the data retrieved, like number & datetime
2.) Read and Write your files &
Read and write items in all site collections &
Read and write items and lists in all site collections
These are the SharePoint security requirements to be able to fully use the Dynamics SharePoint integration.
When DCP is linked with Dynamics SharePoint Integration, DCP will create lists, folders & files in the
SharePoint location as Dynamics would create them.
3.) Sign in and read user profile
This is required to login as the user in dynamics and also for some of our licensing options.