---
title: Setting up SharePoint crawling account permissions
slug: '1992'
canonical_url: https://docs.coveo.com/en/1992/
collection: index-content
source_format: adoc
---
# Setting up SharePoint crawling account permissions
When [configuring a dedicated crawling account for Coveo to make your content searchable](https://docs.coveo.com/en/2061/), you must grant this account specific permissions so that it can access and retrieve the desired data.
Depending on your company's internal security policy, you can opt to give access to all sites and profiles, or only to some of them.

* When you want to retrieve SharePoint content and the corresponding user permission data, refresh your source, and perform site collection discovery, [add the full read policy to all SharePoint tenant web applications](#add-the-full-read-policy-to-all-sharepoint-tenant-web-applications)

* When you want to make SharePoint personal sites and user profiles searchable, add the [SharePoint website read permission](#add-the-sharepoint-website-read-permission) as well as the ["Retrieve People Data for Search Crawlers" permission to the user profile service application](#add-the-retrieve-people-data-for-search-crawlers-permission).

## Add the "Full Read" policy to all SharePoint tenant web applications

To retrieve SharePoint content and the corresponding user permission data, refresh your source, and perform site collection discovery, you must add the **Full Read** policy to all SharePoint tenant web applications for the crawling account.
See [Coveo management of security identities and item permissions](https://docs.coveo.com/en/1719/) for details regarding the permission retrieval and replication process.

> **Note**
>
> This policy isn't required to index content from SharePoint in Microsoft 365.

. Open the **SharePoint Central Administration** console (Windows **Start** menu > **All Programs** > **Microsoft SharePoint Products**).

. In the **SharePoint Central Administration** console, under **Application Management**, click **Manage web applications**.

. For each web application to make searchable:

 .. On the **Web Applications Management** page:

 .. Click the name of the desired web application to highlight it.

 .. In the ribbon, click **User Policy**.

 .. In the **Policy for Web Application** dialog box, click **Add Users**.

 .. In the **Add Users** wizard:

  ... In the **Zone** dropdown menu, select **(All zones)**, and then click **Next**.

  ... In the **Users** text box, add the desired [account](https://docs.coveo.com/en/2061#sharepoint-account-permissions).

  ... Under **Permissions**, select the **Full Read - Has full read-only access** checkbox.

  ... Click **Finish**.

 .. In the **Policy for Web Application** dialog box, click **OK**.

## Add the SharePoint website "Read" permission

To make SharePoint personal sites and user profiles searchable, grant the SharePoint site **Read permission** to the crawling account as well as add the **Retrieve People Data for Search Crawlers** permission to the User Profile Service application for the crawling account.

. Access the SharePoint site collection that you want to make searchable.

. Click the cogwheel icon, and then select **Site Permissions**.

. In the ribbon, click **Grant Permissions**.

. In the **Users/Groups** text box, enter the desired [crawling account](https://docs.coveo.com/en/2061/).

. Under **Grant Permissions**, select the **Grant users permission directly** radio button, and then select the **Read - Can view pages and list items and download documents** checkbox.

. Click **OK**.

## Add the "Retrieve People Data for Search Crawlers" permission

. Access the **SharePoint Central Administration** console (Windows **Start** menu > **All Programs** > **Microsoft SharePoint Products**).

. In the **SharePoint Central Administration** console, under **Application Management**, click **Manage service applications**.

. On the **Manage Service Applications** page, highlight **User Profile Service Application** without clicking it.

> **Note**
>
> When **User Profile Service Application** isn't present in the service applications list, it may not be installed on your SharePoint tenant, therefore you don't have people data to index.

. In the ribbon, click **Administrators**.

. In the **Administrators for User Profile Service Application** dialog box, enter the crawling account in the first box, and then click **Add**.

. In the second box, select the crawling account.

. In the **Permission for Administrators** list, select the **Retrieve People Data for Search Crawlers** checkbox, and then click **OK**.