Set Up SharePoint Online Crawling Account Permissions

When you create a SharePoint Online source, an Azure application is created in your Azure tenant and you must grant it the proper permissions.

The SharePoint administrator can grant permission to the crawling account for individual sites. Alternatively, it can grant permission to a group that either has access to certain sites with the appropriate permission level, or that hasn’t been granted Site Admin (previously called Site Collection Administrator) permissions by the administrator. Depending on your company’s internal security policy, you can choose to give access to either all or some sites and profiles.

Add Permission for a Specific Site

  1. Create the appropriate crawling account.

  2. Using a Sharepoint Admin account, log in to the Microsoft 365 admin center.

  3. In the left menu, click SharePoint.

  4. In the left menu, click Active Sites, and then click the site that you want to add to your crawling account.

    This action ensures that the user can crawl the selected sites. Without it, the user can only crawl anonymous sites that are public and unrestricted.

  5. In the right menu, click Add or remove owners.

  6. In the Change group owners menu, search for your crawling account, and then click Save.

  7. Using the newly created crawling account, log in to the Coveo Administration Console and add the SharePoint Online source.

  8. Before you build your source, ensure that you have checked the All Sites box in the Administration Console.

  • For some permissions, the Required Admin parameter is set to true, and therefore the user must have a limited administrator account with the following roles: Application Administrator and SharePoint Administrator (see SharePoint Online Account With Appropriate Roles and Permissions for more information).

  • To crawl all sites, the crawling account must have the above mentioned roles and must also be a Site Collection Administrator.

Add Custom Permission Access Level

These permissions are only required if the crawling account isn’t a site collection administrator.

  1. Click Site Settings > Site Permissions > Advanced Permission Settings.

  2. Click Permission Levels.

  3. Enter a name and description, and then select Minimal Custom Permission Access Level.

  4. Click Create.

  5. On the Users page, click Grant Permission.

  6. Enter the crawling account email address.

  7. In the Select a permission level drop-down menu, select the desired customer permission level.

  8. Click Share.

You’re now ready to index your SharePoint site. If you already crawled your SharePoint instance, you must update the access token and then check the Update the Token in the Source Identity Security Provider Configuration box.

Reference

Default Member Permissions

The default member’s group has a Permission Level which is set to Edit. The following table indicates the permissions attributed to a default member.

Permission type Action
List permission
  • Manage list
  • Add items
  • Edit items
  • Delete items
  • View items and application pages
  • View past versions
  • Delete versions
  • Create alerts
Site permission
  • Browse directories
  • Use self-service site creation
  • View pages
  • Browse and edit user information
  • Use remote interfaces
  • Use client integration features
  • Open a website, list, or folder (to access items inside that container)
Personal permission
  • Manage personal views
  • Add and remove personal web parts
  • Update personal web parts

Minimal Custom Permissions

If the above permissions give too much access, you can create a custom Permission Level. The following table indicates the permissions attributed to a member with minimal custom permissions.

Permission type Action
List permission
  • Manage list
  • View items and application pages
  • View past versions
Site Permission
  • Browse directories
  • View pages
  • Enumerate permissions
  • Browse user information
  • Use remote interfaces
  • Open a website, list, or folder (to access items inside that container)
Recommended Articles