How to: Properly set permissions on your Search crawl account in SharePoint 2010

Posted Tuesday, October 19, 2010 10:35 AM by CoreyRoth

When you install SharePoint and configure your Search Service Application, it usually does a pretty good job making sure that your default content access (aka crawl) account has the appropriate permissions to your SharePoint sites.  However, many times, it is necessary to adjust permissions to get this to work.  This could be caused by you simply wanting to change the account that is used or because it is not working for some reason.  For today’s post, we’re specifically talking about setting permissions so that your content access account can properly crawl your SharePoint web applications.  I will also remind you that you never want to use an account with administrator privileges for your crawl account.  If you do, you will have issues with security trimming.

First, verify that the account you are using for crawling is the one you want.  You can view this in the Search Service Application under Default content access account.  You can change your account here if necessary.  Otherwise, just make a note of it.

SearchCrawlAccount

Once you know what account you are dealing with, we can go set the permissions on your web application.  Go back to Central Administration and then click on Manage Web Applications.  Next, you want to select the web application that needs permissions.  Highlight the web application you want and then click the User Policy button.

WebApplications

In this popup, you want to verify that your default content access account is listed.  If you see it there, make sure it has Full Read permissions and nothing else.  If it is not there, click the Add Users button to add your content access account.  On the first step, you will want to pick (All Zones) and then click Next.  On the next screen, enter your account name, choose Full Read and use the default settings for all other options.  Once you are done, your accounts should look something like this.

WebApplicationUserPolicy

Once you are happy with your accounts, click OK.  You then want to go back to the content sources page in your Search Service Application and perform a full crawl.   Performing the full crawl will ensure that security trimming is properly applied when users search your SharePoint site. 

Comments

# Impact of ‘Draft Item Security’ and ‘Security Trimming’ on Search Results in Sharepoint « Extreme Sharepoint

Pingback from  Impact of ‘Draft Item Security’ and ‘Security Trimming’ on  Search Results in Sharepoint « Extreme Sharepoint

# Impact of ‘Draft Item Security’ and ‘Security Trimming’ on Search Results in Sharepoint

Pingback from  Impact of ‘Draft Item Security’ and ‘Security Trimming’ on  Search Results in Sharepoint

# re: How to: Properly set permissions on your Search crawl account in SharePoint 2010

Monday, July 6, 2015 10:00 AM by Jermaine

I have added me crawl account to me web app with full read access and added the sites to the crawl rules but my crawl still keeps failing and the crawl log "Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled" where else do i need to add permissions?

# Sharepoint 2010 Consultant | smallbusinesstelephonesystemsvoip.com

Pingback from  Sharepoint 2010 Consultant | smallbusinesstelephonesystemsvoip.com

Leave a Comment

(required)
(required)
(optional)
(required)