Permissions

To use the connector with an on-premises SharePoint server, the following permissions are required:

  • To perform the Synchronize, SynchronizeGroups, Collect, and View actions, the user specified by the Username parameter in the connector's configuration file must have "Full Read" access. Micro Focus recommends that you create a web application policy to grant this permission to the relevant user.
  • To hold and release documents, the user specified by the HoldUsername parameter must be a site-collection administrator.
  • To index user profiles (when IndexUserProfiles=true), the user specified in the configuration file must have at least the "Retrieve People Data for Search Crawlers" permission on the user profile service application.
  • To insert documents using the Insert fetch action, the user specified in the configuration file must have sufficient privileges to create new documents. For example, create a web application policy granting "Full Control" to the user.
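
One way to create the web application policy recommended above for the Username account, shown as an added example that is not part of the connector documentation. The web application URL and the account name are assumed placeholders, and the script is meant for the SharePoint Management Shell on a farm server.

```powershell
# Added example: grant the connector account "Full Read" through a web application policy.
# Run as a farm administrator in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumed placeholder values; replace with your own.
$WebAppUrl = 'https://sharepoint.example.com'
$Account   = 'EXAMPLE\svc-connector'   # account named by the connector's Username parameter

$webApp = Get-SPWebApplication -Identity $WebAppUrl -ErrorAction Stop

# Claims-mode web applications store policy users in encoded claims form.
$login = $Account
if ($webApp.UseClaimsAuthentication) {
    $login = (New-SPClaimsPrincipal -Identity $Account `
        -IdentityType WindowsSamAccountName).ToEncodedString()
}

$fullRead = $webApp.PolicyRoles.GetSpecialRole(
    [Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullRead)

# Reuse an existing policy entry for the account rather than adding a duplicate.
$policy = $webApp.Policies | Where-Object { $_.UserName -eq $login }
if (-not $policy) {
    $policy = $webApp.Policies.Add($login, 'Connector service account')
}

# Bind Full Read only if it is not already bound, then persist the change.
if (-not ($policy.PolicyRoleBindings | Where-Object { $_.Type -eq $fullRead.Type })) {
    $policy.PolicyRoleBindings.Add($fullRead)
    $webApp.Update()
}

# List every role bound to the account so that broader grants
# (for example Full Control) stand out during review.
$policy.PolicyRoleBindings | Select-Object Name, Type
```

Using a separate account for the Insert fetch action keeps the "Full Control" grant off the account that only reads content.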

When you use the connector with SharePoint Online, the connector can retrieve any information that the user (specified by the Username parameter in the connector's configuration file) has permission to read. Some operations require additional privileges or additional configuration:

  • To enable mapped security or index user profiles, the user must be a site-collection administrator.
  • If you set IndexSiteAssets=False (which is the default value), the connector has to determine whether lists are site assets libraries. This requires site-collection administrator privileges. If the user is not a site-collection administrator and you want to ignore site assets libraries, you must exclude them using the configuration parameters ListMustHaveRegex and ListCantHaveRegex. If the connector attempts to determine whether a list is a site assets library and cannot do so because it has insufficient permissions, it writes a warning to the synchronize log and ingests the list.