Product Selector

Fusion 5.12
    Fusion 5.12

    Configure a non-administrative crawl account in SharePoint Online

    The SharePoint connector retrieves content and metadata from an on-premises SharePoint repository.

    The steps below describe how to configure a crawl account in SharePoint Online without giving the account administrative access.

    1. Create a Service Account

    1. Log in as a SharePoint administrator, and go to your admin center.

    2. If you are using an on-premise active directory synced to SharePoint Online, you need to create an active directory account and license the active directory account on SharePoint Online.

    On-premise Active Directory

    1. If you are using SharePoint Online user accounts, add a user named “Lucidworks Fusion Service Account”.

    SharePoint Online Users

    Create the account as User (no administrator access).

    2. Add a Crawl Permissions Level

    To create a new permission level, click the gear symbol and go to Site Settings > Site permissions. Select Permission Levels, and click Add a Permission Level. Name the new permission level "Lucidworks Fusion Service Permission", and assign the following site permissions:

    Name Description

    View Items

    View items in lists and documents in document libraries.

    Open Items

    View the source of documents with server-side file handlers.

    View Versions

    View past versions of a list item or document.

    View Application Pages

    View forms, views, and application pages. Enumerate lists.

    View Web Analytics Data

    View reports on Web site usage.

    Browse Directories

    Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.

    View Pages

    View pages in a Web site.

    Enumerate Permissions

    Enumerate permissions on the Web site, list, folder, document, or list item.

    Browse User Information

    View information about users of the Web site.

    Use Remote Interfaces

    Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.

    Open

    Allows users to open a Web site, list, or folder in order to access items inside that container.

    Edit Personal User Information

    Allows a user to change his or her own user information, such as adding a picture.

    3. Create a Fusion crawl group

    For each top-level site you want to be able to crawl, you must create a site permissions group and assign the permissions level you created previously. Go to Site Settings > Site permissions. Click the Create Group symbol and name the new group "Lucidworks Fusion Crawl Accounts". Add the “Lucidworks Fusion Service Account” user, and any other user that you wish to have crawl permissions, to this group.

    The “Lucidworks Fusion Service Account” user should now be able to crawl without administrator rights.

    Limitations of a non-administrative crawl account in SharePoint Online

    There are important limitations to crawling SharePoint Online with a non-administrative account. Only administrators are permitted to list site collections from SharePoint Online. To crawl multiple site collections from your SharePoint Online tenant, you must either:

    1. List the site collections in the Start Links explicitly, or;

    2. Provide a SharePoint administrator account when crawling SharePoint Online

    The image below illustrates what information a non-administrator user can crawl:

    Non-admin Crawl Permissions

    Although a non-administrator user can be allowed to list sub-sites in a site collection, the user cannot list the site collections of the tenant URL. For example, a non-administrator user may list the Sub-sites in https://lucidworks.sharepoint.com/sites/sitecol, such as /sitecol/subsite1 and /sitecol/subsite2. However, only an administrator can list the site collections in https://lucidworks.sharepoint.com.