Granting SharePoint Permissions to the Crawling Account
Tip: The best practice is to create a dedicated Active Directory account for the exclusive use of the Coveo connector with a password that never changes. If you must change the password of this account you will need to change it both in AD and in the corresponding CES user identity(see Adding a User Identity).
This crawling account must have the proper rights to retrieve the information from your SharePoint farm. The following table presents the minimal required permissions that the crawling account must have to perform the specified action for the supported SharePoint versions.
|SharePoint version||Action to perform||Minimal required permission|
|✓||✓||Content and Security indexing, live indexing, and site collection discovery||Full Read policy for all SharePoint farm web applications (see Adding the Full Read Policy to All SharePoint Farm Web Applications)|
|✓||✓||Personal site and user profile indexing||Read permission for the site collection of the source starting address (see Adding the SharePoint Website Read Permission)|
|✓||Retrieve People Data for Search Crawlers permission to the User Profile Service Application(see Adding the Retrieve People Data for Search Crawlers Permission to the User Profile Service Application)|
|✓||Manage user profiles permission to the Shared Service Rights (see Adding the Manage User Profiles Permission in Shared Service Rights)|
|✓||Content and security indexing||SharePoint Website Administrator permission (see Adding the SharePoint Website Administrator Permission)|
|✓||Personal site and user profile indexing, live indexing, and site collection discovery||Member of the SharePoint farm administrators group
(see Adding the Crawling Account to the SharePoint Farm Administrators Group)
Member of the SharePoint server local Administrators group (see Adding the Crawling Account to the SharePoint Server Local Administrators Group)
For SharePoint 2010 and 2007, the SharePoint connector has the ability to automatically set up the required permissions for the crawling account when a source is refreshed or rebuilt.
The automatic permissions setup has the following requirements:
The Coveo SharePoint web service must be installed on the SharePoint farm (see Installing the Coveo Web Service, Search Box, and Search Interface into SharePoint)
The crawling account must:
Be a member of the SharePoint farm administrators group (see Adding the Crawling Account to the SharePoint Farm Administrators Group)
Have the Read permission for the site collection(s) that you wish index (see Adding the SharePoint Website Read Permission).
Once you granted the appropriate permissions:
Optionally install the Coveo SharePoint web service (see Installing the Coveo Web Service, Search Box, and Search Interface into SharePoint).
Create and index a SharePoint source (see Configuring and Indexing a Microsoft SharePoint Source).