Product DocsMenu

Coveo Platform 7.0 >
Administrator Help > Connectors > Microsoft SharePoint Connectors - Shared Topics > Granting SharePoint Permissions to the Crawling Account

Granting SharePoint Permissions to the Crawling Account

You must select an existing account or create a new one that the SharePoint, SharePoint Legacy or OneDrive for Business (CES 7.0.8047+ (December 2015)) connector will use to crawl your SharePoint or OneDrive for Business content.

Tip: The best practice is to create a dedicated account for the exclusive use of the Coveo connector with a password that never changes. If you must change the password of this account you will need to change it both in the original identity provider system (AD or other) and in the corresponding CES user identity (see Adding a User Identity).

This crawling account must have the proper rights to retrieve the information from your SharePoint farm (tenant in SharePoint Online). There are two methods to configure the necessary SharePoint permissions for the crawling account.

Automatic Permissions Setup

The SharePoint and SharePoint Legacy connectors have the ability to automatically set the required permissions to allow the crawling account to gain read access to the whole content as long as the following requirements are met:

Manual Permissions Setup

When your SharePoint environment does not meet the requirements for the automatic method, you must manually set permissions for your SharePoint crawling account.

The following table presents the minimal required permissions that the crawling account must have to perform the specified action for the supported SharePoint versions.

Note: CES 7.0.8047+ (December 2015) For OneDrive for Business, follow the actions applicable to your SharePoint version.

SharePoint version Action to perform Minimal required permission
Online 2016 2013 2010 2007
        Content and Security indexing, incremental refresh, and site collection discovery
  Full Read policy for all SharePoint farm web applications (see Adding the Full Read Policy to All SharePoint Farm Web Applications).

Personal site, user profile and social tags indexing


  • When indexing personal sites or user profiles, the crawling account must not have a personal site on the SharePoint server being indexed to prevent connector failure cases when attempting to retrieve the list of personal sites.

  • Personal sites and user profiles are not included in SharePoint Foundation.

Read permission for the site collection of the source starting address (see Adding the SharePoint Website Read Permission).
    Retrieve People Data for Search Crawlers permission to the User Profile Service Application (see Adding the Retrieve People Data for Search Crawlers Permission to the User Profile Service Application).
        Manage user profiles permission to the Shared Service Rights (see Adding the Manage User Profiles Permission in Shared Service Rights).
        Owner of all personal sites collections (see Adding the Personal Sites Collections Owner Permissions for SharePoint Online).

What's Next?

Once you granted the appropriate permissions:

People who viewed this topic also viewed