Configure A Non-administrative Crawl Account in SharePoint Online

The SharePoint connector retrieves content and metadata from an on-premises SharePoint repository.

The steps below describe how to configure a crawl account in SharePoint Online without giving the account administrative access.

1. Create a Service Account

Log in as a SharePoint administrator, and go to your admin center. If you are using an on-premises Active Directory synced to SharePoint Online, you will need to create an Active Directory account and license that account on SharePoint Online.

On-premise Active Directory

  1. If you are using SharePoint Online user accounts, add a user named “Lucidworks Fusion Service Account”.

SharePoint Online Users

Create the account as User (no administrator access).

2. Add a Crawl Permissions Level

To create a new permission level, click the gear symbol and go to Site Settings > Site permissions. Select Permission Levels, and click Add a Permission Level. Name the new permission level "Lucidworks Fusion Service Permission", and assign the following site permissions:

| Name | Description |
|---|---|
| View Items | View items in lists and documents in document libraries. |
| Open Items | View the source of documents with server-side file handlers. |
| View Versions | View past versions of a list item or document. |
| View Application Pages | View forms, views, and application pages. Enumerate lists. |
| View Web Analytics Data | View reports on Web site usage. |
| Browse Directories | Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces. |
| View Pages | View pages in a Web site. |
| Enumerate Permissions | Enumerate permissions on the Web site, list, folder, document, or list item. |
| Browse User Information | View information about users of the Web site. |
| Use Remote Interfaces | Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site. |
| Open | Allows users to open a Web site, list, or folder in order to access items inside that container. |
| Edit Personal User Information | Allows a user to change his or her own user information, such as adding a picture. |

3. Create a Fusion Crawl Group

For each top-level site you want to be able to crawl, you must create a site permissions group and assign the permissions level you created previously. Go to Site Settings > Site permissions. Click the Create Group symbol and name the new group "Lucidworks Fusion Crawl Accounts". Add the “Lucidworks Fusion Service Account” user, and any other user that you wish to have crawl permissions, to this group.

The “Lucidworks Fusion Service Account” user should now be able to crawl without administrator rights.
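To confirm that the permission level created in step 2 grants exactly the twelve listed permissions and nothing more, the following added example (not Lucidworks or Microsoft code) decodes a permission level's 64-bit mask and reports missing and excess rights. It assumes you have already read the mask as its two 32-bit halves, High and Low, which is how SharePoint role definitions expose it; the function names `audit_permission_level` and `expected_mask` are hypothetical, and the sample input is constructed.

```python
# Added example, not Lucidworks or Microsoft code. Flag values follow Microsoft's
# SPBasePermissions enumeration; mapping the UI names from step 2 to these
# enum names is this example's assumption.
SP_BASE_PERMISSIONS = {
    "ViewListItems": 0x1, "AddListItems": 0x2, "EditListItems": 0x4,
    "DeleteListItems": 0x8, "ApproveItems": 0x10, "OpenItems": 0x20,
    "ViewVersions": 0x40, "DeleteVersions": 0x80, "CancelCheckout": 0x100,
    "ManagePersonalViews": 0x200, "ManageLists": 0x800, "ViewFormPages": 0x1000,
    "AnonymousSearchAccessList": 0x2000, "Open": 0x10000, "ViewPages": 0x20000,
    "AddAndCustomizePages": 0x40000, "ApplyThemeAndBorder": 0x80000,
    "ApplyStyleSheets": 0x100000, "ViewUsageData": 0x200000,
    "CreateSSCSite": 0x400000, "ManageSubwebs": 0x800000,
    "CreateGroups": 0x1000000, "ManagePermissions": 0x2000000,
    "BrowseDirectories": 0x4000000, "BrowseUserInfo": 0x8000000,
    "AddDelPrivateWebParts": 0x10000000, "UpdatePersonalWebParts": 0x20000000,
    "ManageWeb": 0x40000000, "AnonymousSearchAccessWebLists": 0x80000000,
    "UseClientIntegration": 0x1000000000, "UseRemoteAPIs": 0x2000000000,
    "ManageAlerts": 0x4000000000, "CreateAlerts": 0x8000000000,
    "EditMyUserInfo": 0x10000000000, "EnumeratePermissions": 0x4000000000000000,
}
# The twelve permissions listed for "Lucidworks Fusion Service Permission".
CRAWL_ALLOWED = {
    "ViewListItems", "OpenItems", "ViewVersions", "ViewFormPages",
    "ViewUsageData", "BrowseDirectories", "ViewPages", "EnumeratePermissions",
    "BrowseUserInfo", "UseRemoteAPIs", "Open", "EditMyUserInfo",
}

def audit_permission_level(high, low):
    """Compare a permission level's High/Low mask halves with the crawl list."""
    mask = (int(high) << 32) | int(low)      # halves may arrive as strings
    granted = {n for n, bit in SP_BASE_PERMISSIONS.items() if mask & bit}
    known = sum(SP_BASE_PERMISSIONS.values())
    return {
        "missing": sorted(CRAWL_ALLOWED - granted),  # crawl may be incomplete
        "excess": sorted(granted - CRAWL_ALLOWED),   # beyond what step 2 lists
        "unknown_bits": hex(mask & ~known),          # set bits with no name here
    }

def expected_mask():
    """Return (High, Low) for exactly the twelve listed permissions."""
    mask = sum(SP_BASE_PERMISSIONS[n] for n in CRAWL_ALLOWED)
    return mask >> 32, mask & 0xFFFFFFFF

if __name__ == "__main__":
    # Constructed sample: the intended level plus an accidental EditListItems.
    high, low = expected_mask()
    print(audit_permission_level(high, low | 0x4))
```

A non-empty `excess` list means the crawl account can do more than read and enumerate, which defeats the purpose of the non-administrative setup.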

Limitations of a Non-administrative Crawl Account in SharePoint Online

There are important limitations to crawling SharePoint Online with a non-administrative account. Only administrators are permitted to list site collections from SharePoint Online. To crawl multiple site collections from your SharePoint Online tenant, you must either:

  1. List the site collections in the Start Links explicitly, or

  2. Provide a SharePoint administrator account when crawling SharePoint Online.

The image below illustrates what information a non-administrator user can crawl:

Non-admin Crawl Permissions

Note
Although a non-administrator user can be allowed to list sub-sites in a site collection, the user cannot list the site collections of the tenant URL. For example, a non-administrator user may list the sub-sites in https://lucidworks.sharepoint.com/sites/sitecol, such as /sitecol/subsite1 and /sitecol/subsite2. However, only an administrator can list the site collections in https://lucidworks.sharepoint.com.