Setting up SharePoint Crawling Account Permissions
Setting up SharePoint Crawling Account Permissions
When configuring a dedicated crawling account for Coveo to make your content searchable, you must grant this account specific permissions so that it can access and retrieve the desired data. Depending on your company’s internal security policy, you can opt to give access to all sites and profiles, or only to some of them.
-
When you want to retrieve SharePoint content and the corresponding user permission data, refresh your source, and perform site collection discovery, add the full read policy to all SharePoint tenant web applications
-
When you want to make SharePoint personal sites and user profiles searchable, add the SharePoint website read permission as well as the “Retrieve People Data for Search Crawlers” permission to the user profile service application.
Add the “Full Read” Policy to All SharePoint Tenant Web Applications
When you want to retrieve SharePoint content and the corresponding user permission data, refresh your source, and perform site collection discovery, you must add the Full Read policy to all SharePoint tenant web applications for the crawling account (see Coveo management of security identities and item permissions).
This policy isn’t required to index content from SharePoint in Microsoft 365.
-
Open the SharePoint Central Administration console (Windows Start menu > All Programs > Microsoft SharePoint Products).
-
In the SharePoint Central Administration console, under Application Management, click Manage web applications.
-
For each web application to make searchable:
-
On the Web Applications Management page:
-
Click the name of the desired web application to highlight it.
-
In the ribbon, click User Policy.
-
In the Policy for Web Application dialog box, click Add Users.
-
In the Add Users wizard:
-
In the Zone dropdown menu, select (All zones), and then click Next.
-
In the Users text box, add the desired account (see SharePoint Account Permissions).
-
Under Permissions, select the Full Read - Has full read-only access checkbox.
-
Click Finish.
-
-
In the Policy for Web Application dialog box, click OK.
-
Add the SharePoint Website “Read” Permission
When you want to make SharePoint personal sites and user profiles searchable, you must grant the SharePoint site Read permission to the crawling account as well as add the Retrieve People Data for Search Crawlers permission to the User Profile Service application for the crawling account.
-
Access the SharePoint site collection that you want to make searchable.
-
Click the cogwheel icon, and then select Site Permissions.
-
In the ribbon, click Grant Permissions.
-
In the Users/Groups text box, enter the desired crawling account (see Add a SharePoint Server source).
-
Under Grant Permissions, select the Grant users permission directly radio button, and then select the Read - Can view pages and list items and download documents checkbox.
-
Click OK.
Add the “Retrieve People Data for Search Crawlers” Permission
-
Access the SharePoint Central Administration console (Windows Start menu > All Programs > Microsoft SharePoint Products).
-
In the SharePoint Central Administration console, under Application Management, click Manage service applications.
-
On the Manage Service Applications page, highlight User Profile Service Application without clicking it.
When User Profile Service Application isn’t present in the service applications list, it may not be installed on your SharePoint tenant, therefore you don’t have people data to index.
-
In the ribbon, click Administrators.
-
In the Administrators for User Profile Service Application dialog box, enter the crawling account in the first box, and then click Add.
-
In the second box, select the crawling account.
-
In the Permission for Administrators list, select the Retrieve People Data for Search Crawlers checkbox, and then click OK.