What are the rights required for running the Sharepoint scanner?

book

Article ID: 159891

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

What are the rights required for running the Sharepoint scanner?

Resolution

 In general, we recommend running the scanner as the applicant pool ID since it always works

 

For more granular rights that can work.

          The user account for the scanner is a farm administrator

          The user account within the login details of the fetch has dbo permissions to the content and configuration databases for SharePoint

          The user account for the scanner is a site collection administrator

          The user account for the scanner has permissions to access the resources which are being fetched

Why do we require these elevated rights?

         The SharePoint back-end code is tightly coupled, and therefore, more granular application of rights is not possible.

         These are the rights outlined by Microsoft for Windows applications accessing the WSS API. 

         This is a Microsoft limitation in the SharePoint Object Model code