Configure a non-administrative crawl account in SharePoint Online
The SharePoint connector retrieves content and metadata from an on-premises SharePoint repository.
The steps below describe how to configure a crawl account in SharePoint Online without giving the account administrative access.
1. Create a Service Account
- Log in as a SharePoint administrator, and go to your admin center.
- If you are using an on-premises Active Directory synced to SharePoint Online, you need to create an Active Directory account and license that account on SharePoint Online.
- If you are using SharePoint Online user accounts, add a user named “Lucidworks Fusion Service Account”.
Create the account as User (no administrator access).
2. Add a Crawl Permissions Level
To create a new permission level, click the gear symbol and go to Site Settings > Site permissions. Select Permission Levels, and click Add a Permission Level. Name the new permission level "Lucidworks Fusion Service Permission", and assign the following site permissions:
Name | Description |
---|---|
View Items | View items in lists and documents in document libraries. |
Open Items | View the source of documents with server-side file handlers. |
View Versions | View past versions of a list item or document. |
View Application Pages | View forms, views, and application pages. Enumerate lists. |
View Web Analytics Data | View reports on Web site usage. |
Browse Directories | Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces. |
View Pages | View pages in a Web site. |
Enumerate Permissions | Enumerate permissions on the Web site, list, folder, document, or list item. |
Browse User Information | View information about users of the Web site. |
Use Remote Interfaces | Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site. |
Open | Allows users to open a Web site, list, or folder in order to access items inside that container. |
Edit Personal User Information | Allows a user to change his or her own user information, such as adding a picture. |
3. Create a Fusion crawl group
For each top-level site you want to be able to crawl, you must create a site permissions group and assign it the permission level you created previously. Go to Site Settings > Site permissions. Click the Create Group symbol and name the new group "Lucidworks Fusion Crawl Accounts". Add the “Lucidworks Fusion Service Account” user, and any other user that you wish to have crawl permissions, to this group.
The “Lucidworks Fusion Service Account” user should now be able to crawl without administrator rights.
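To confirm that the "Lucidworks Fusion Service Permission" level grants only the twelve permissions listed in step 2, you can decode the level's 64-bit permission mask (a High/Low pair of 32-bit values) and compare it with that list. The following is an added example, not part of Fusion or its documentation; the bit positions follow SharePoint's PermissionKind enumeration, while the mapping from the UI names to enum names, the helper names and the sample masks are assumptions of this example.

```python
# Added example: audit a SharePoint permission level against the twelve
# permissions listed in step 2. Bit position = PermissionKind value - 1;
# the UI-name to enum-name mapping in the comments is an assumption.
CRAWL_PERMS = {
    "ViewListItems": 0,          # View Items
    "OpenItems": 5,              # Open Items
    "ViewVersions": 6,           # View Versions
    "ViewFormPages": 12,         # View Application Pages
    "Open": 16,                  # Open
    "ViewPages": 17,             # View Pages
    "ViewUsageData": 21,         # View Web Analytics Data
    "BrowseDirectories": 26,     # Browse Directories
    "BrowseUserInfo": 27,        # Browse User Information
    "UseRemoteAPIs": 37,         # Use Remote Interfaces
    "EditMyUserInfo": 40,        # Edit Personal User Information
    "EnumeratePermissions": 62,  # Enumerate Permissions
}
# Write-capable bits worth naming in a finding (not an exhaustive list).
RISKY = {"AddListItems": 1, "EditListItems": 2, "DeleteListItems": 3,
         "ManageLists": 11, "ManagePermissions": 25, "ManageWeb": 30}
NAMES = {bit: name for name, bit in {**CRAWL_PERMS, **RISKY}.items()}

def to_high_low(bits):
    """Build the (High, Low) pair of 32-bit values for a set of bit positions."""
    mask = sum(1 << b for b in set(bits))
    return mask >> 32, mask & 0xFFFFFFFF

def audit(high, low):
    """Return (missing, extra) permission names relative to CRAWL_PERMS."""
    mask = (int(high) << 32) | int(low)   # accepts ints or decimal strings
    granted = {b for b in range(64) if mask >> b & 1}
    wanted = set(CRAWL_PERMS.values())
    label = lambda b: NAMES.get(b, f"bit{b}")
    missing = sorted(label(b) for b in wanted - granted)
    extra = sorted(label(b) for b in granted - wanted)
    return missing, extra

if __name__ == "__main__":
    # Constructed samples: the intended level, and one that gained edit rights.
    ok = to_high_low(CRAWL_PERMS.values())
    drifted = to_high_low(list(CRAWL_PERMS.values()) + [RISKY["EditListItems"]])
    for name, (high, low) in {"intended": ok, "drifted": drifted}.items():
        print(name, hex(high), hex(low), audit(str(high), str(low)))
```

A non-empty `extra` list means the level has drifted beyond the read-only set and the crawl account holds more access than the steps above intend.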
Limitations of a non-administrative crawl account in SharePoint Online
There are important limitations to crawling SharePoint Online with a non-administrative account. Only administrators are permitted to list site collections from SharePoint Online. To crawl multiple site collections from your SharePoint Online tenant, you must either:
- List the site collections in the Start Links explicitly, or
- Provide a SharePoint administrator account when crawling SharePoint Online.
The image below illustrates what information a non-administrator user can crawl:
Although a non-administrator user can be allowed to list sub-sites in a site collection, the user cannot list the site collections of the tenant URL.
For example, a non-administrator user may list the sub-sites in https://lucidworks.sharepoint.com/sites/sitecol, such as /sitecol/subsite1 and /sitecol/subsite2. However, only an administrator can list the site collections in https://lucidworks.sharepoint.com.