Permissions
To use the connector with an on-premise SharePoint server, the following permissions are required:
- To perform the Synchronize, SynchronizeGroups, Collect, and View actions, the user specified by the Username parameter in the connector's configuration file must have "Full Read" access. OpenText recommends that you create a web application policy to grant this permission to the relevant user.
- To hold and release documents, the user specified by the HoldUsername parameter must be a site-collection administrator.
- To index user profiles (when IndexUserProfiles=true), the user specified in the configuration file needs to have at least "Retrieve People Data for Search Crawlers" permission on the user profile service application.
- To insert documents using the Insert fetch action, the user specified in the configuration file needs to have sufficient privileges to create new documents. For example, create a web application policy granting "Full control" to the user.
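One way to create the "Full Read" web application policy described above, using the SharePoint server object model from the SharePoint Management Shell. This is an added example, not part of the OpenText documentation; the web application URL, the account name, and the function name Grant-ConnectorFullRead are placeholders.

```powershell
# Added example: run in the SharePoint Management Shell on a farm server.
# The URL and account at the bottom are placeholders, not values from the documentation.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Grant-ConnectorFullRead {
    param(
        [Parameter(Mandatory = $true)] [string] $WebApplicationUrl,
        [Parameter(Mandatory = $true)] [string] $Account   # DOMAIN\user form
    )

    $wa = Get-SPWebApplication -Identity $WebApplicationUrl -ErrorAction Stop

    # Claims-mode web applications store policy users in encoded claim form.
    $login = $Account
    if ($wa.UseClaimsAuthentication) {
        $login = (New-SPClaimsPrincipal -Identity $Account -IdentityType WindowsSamAccountName).ToEncodedString()
    }

    $roleType    = [Microsoft.SharePoint.Administration.SPPolicyRoleType]
    $fullRead    = $wa.PolicyRoles.GetSpecialRole($roleType::FullRead)
    $fullControl = $wa.PolicyRoles.GetSpecialRole($roleType::FullControl)

    # Reuse an existing policy entry for the account if there is one.
    $policy = $wa.Policies | Where-Object { $_.UserName -eq $login }
    if (-not $policy) {
        $policy = $wa.Policies.Add($login, "Connector read account")
    }

    # Flag an existing Full Control binding: only the Insert fetch action needs it.
    $bound = @($policy.PolicyRoleBindings | ForEach-Object { $_.Name })
    if ($bound -contains $fullControl.Name) {
        Write-Warning "$Account already has '$($fullControl.Name)'; only the Insert fetch action requires it."
    }
    if ($bound -notcontains $fullRead.Name) {
        $policy.PolicyRoleBindings.Add($fullRead)
        $wa.Update()
    }

    # Return the resulting bindings so the change can be reviewed.
    $wa.Policies | Where-Object { $_.UserName -eq $login } |
        Select-Object UserName, @{ n = 'Roles'; e = { ($_.PolicyRoleBindings | ForEach-Object { $_.Name }) -join ', ' } }
}

Grant-ConnectorFullRead -WebApplicationUrl "https://sharepoint.example.local" -Account "EXAMPLE\svc-connector"
```

Using a separate account for HoldUsername and for Insert tasks keeps the site-collection administrator and "Full control" rights off the account that only reads content.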
When you use the connector with SharePoint Online, the connector can retrieve any information that the user (specified by the Username parameter in the connector's configuration file) has permission to read. Some operations require additional privileges or additional configuration:
- To enable mapped security or index user profiles, the user must be a site-collection administrator.
- If you set IndexSiteAssets=False (which is the default value), the connector has to determine whether lists are site assets libraries. This requires site collection administrator privileges, so if the user is not a site-collection administrator and you want to ignore site asset libraries, you must exclude them using the configuration parameters ListMustHaveRegex and ListCantHaveRegex. If the connector attempts to determine whether a list is a site asset library and is unable to do so because it has insufficient permissions, a warning is written to the synchronize log and the list is ingested.