Configure a Non-Administrative Crawl Account in SharePoint Online
The SharePoint connector retrieves content and metadata from an on-premises SharePoint repository.
The steps below describe how to configure a crawl account in SharePoint Online without giving the account administrative access.
1. Create a site collection administrator account
To create a site collection administrator account, you must have administrator permissions for the site you want to crawl.
-
Log in to the SharePoint Online admin center as a SharePoint administrator.
-
Go to Sites > Active sites and select the site you want to crawl.
-
Go to Membership > Site Admins and click Add site admin.
-
Search for the user you want to designate as a site admin, then click Add.
The user is now listed as a site admin.
| The site collection administrator only has control over the selected site and its sub-sites. |
2. Add a crawl permissions level
To create a new permission level, click the gear symbol and go to Site Settings > Site permissions. Select Permission Levels, and click Add a Permission Level. Name the new permission level "Lucidworks Fusion Service Permission", and assign the following site permissions:
| Name | Description |
|---|---|
View Items |
View items in lists and documents in document libraries. |
Open Items |
View the source of documents with server-side file handlers. |
View Versions |
View past versions of a list item or document. |
View Application Pages |
View forms, views, and application pages. Enumerate lists. |
View Web Analytics Data |
View reports on Web site usage. |
Browse Directories |
Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces. |
View Pages |
View pages in a Web site. |
Enumerate Permissions |
Enumerate permissions on the Web site, list, folder, document, or list item. |
Browse User Information |
View information about users of the Web site. |
Use Remote Interfaces |
Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site. |
Open |
Allows users to open a Web site, list, or folder in order to access items inside that container. |
Edit Personal User Information |
Allows a user to change his or her own user information, such as adding a picture. |
3. Create a Fusion crawl group
For each top-level site you want to be able to crawl, you must create a site permissions group and assign the permissions level you created previously. Go to Site Settings > Site permissions. Click the Create Group symbol and name the new group "Lucidworks Fusion Crawl Accounts". Add the site collection administrator, and any other user that you wish to have crawl permissions, to this group.
The site collection administrator should now be able to crawl without administrator rights.
Limitations of a non-administrative crawl account in SharePoint Online
There are important limitations to crawling SharePoint Online with a non-administrative account. Only administrators are permitted to list site collections from SharePoint Online. To crawl multiple site collections from your SharePoint Online tenant, you must either:
-
List the site collections in the Start Links explicitly, or;
-
Provide a SharePoint administrator account when crawling SharePoint Online
The image below illustrates what information a non-administrator user can crawl:
Although a non-administrator user can be allowed to list sub-sites in a site collection, the user cannot list the site collections of the tenant URL.
For example, a non-administrator user may list the Sub-sites in https://lucidworks.sharepoint.com/sites/sitecol, such as /sitecol/subsite1 and /sitecol/subsite2. However, only an administrator can list the site collections in https://lucidworks.sharepoint.com.
|