Product Selector

Fusion 5.12
    Fusion 5.12

    Configure a Non-Administrative Crawl Account in SharePoint Online

    The SharePoint connector retrieves content and metadata from an on-premises SharePoint repository.

    The steps below describe how to configure a crawl account in SharePoint Online without giving the account administrative access.

    1. Create a site collection administrator account

    To create a site collection administrator account, you must have administrator permissions for the site you want to crawl.

    1. Log in to the SharePoint Online admin center as a SharePoint administrator.

    2. Go to Sites > Active sites and select the site you want to crawl.

    3. Go to Membership > Site Admins and click Add site admin.

    4. Search for the user you want to designate as a site admin, then click Add.

    The user is now listed as a site admin.

    The site collection administrator only has control over the selected site and its sub-sites.

    2. Add a crawl permissions level

    To create a new permission level, click the gear symbol and go to Site Settings > Site permissions. Select Permission Levels, and click Add a Permission Level. Name the new permission level "Lucidworks Fusion Service Permission", and assign the following site permissions:

    Name Description

    View Items

    View items in lists and documents in document libraries.

    Open Items

    View the source of documents with server-side file handlers.

    View Versions

    View past versions of a list item or document.

    View Application Pages

    View forms, views, and application pages. Enumerate lists.

    View Web Analytics Data

    View reports on Web site usage.

    Browse Directories

    Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.

    View Pages

    View pages in a Web site.

    Enumerate Permissions

    Enumerate permissions on the Web site, list, folder, document, or list item.

    Browse User Information

    View information about users of the Web site.

    Use Remote Interfaces

    Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.

    Open

    Allows users to open a Web site, list, or folder in order to access items inside that container.

    Edit Personal User Information

    Allows a user to change his or her own user information, such as adding a picture.

    3. Create a Fusion crawl group

    For each top-level site you want to be able to crawl, you must create a site permissions group and assign the permissions level you created previously. Go to Site Settings > Site permissions. Click the Create Group symbol and name the new group "Lucidworks Fusion Crawl Accounts". Add the site collection administrator, and any other user that you wish to have crawl permissions, to this group.

    The site collection administrator should now be able to crawl without administrator rights.

    Limitations of a non-administrative crawl account in SharePoint Online

    There are important limitations to crawling SharePoint Online with a non-administrative account. Only administrators are permitted to list site collections from SharePoint Online. To crawl multiple site collections from your SharePoint Online tenant, you must either:

    1. List the site collections in the Start Links explicitly, or;

    2. Provide a SharePoint administrator account when crawling SharePoint Online

    The image below illustrates what information a non-administrator user can crawl:

    Non-admin Crawl Permissions

    Although a non-administrator user can be allowed to list sub-sites in a site collection, the user cannot list the site collections of the tenant URL. For example, a non-administrator user may list the Sub-sites in https://lucidworks.sharepoint.com/sites/sitecol, such as /sitecol/subsite1 and /sitecol/subsite2. However, only an administrator can list the site collections in https://lucidworks.sharepoint.com.