Troubleshooting / FAQ
Source System: Microsoft SharePoint Online
Locked Site Collections
In Microsoft SharePoint Online, site collections can be locked.
Sites locked with NoAccess will be excluded from any traversal.
Content Traversal
Content Type Hierarchy
The Microsoft SharePoint Online connector iterates over the following hierarchy for every discovered site collection:
-
Site Collection
-
Root Site
-
Lists
-
Items & Folders
-
Attachments
-
-
-
Document Libraries
-
Files & Folders
-
-
Sub Sites
-
…
-
-
-
Each content traversal considers some advanced source system settings implicitly.
Traversal Flags
If set, the following flags result in the exclusion of documents:
| Flag | Context | Description |
|---|---|---|
|
Sites & Lists |
The advanced site and list settings provide an option to prevent content from being indexed into search. |
|
Lists |
Microsoft SharePoint Online lists can be configured as hidden. |
|
Lists |
Microsoft SharePoint Online lists can be configured as private. |
|
Lists |
Internal lists which are used for the content management are marked as catalogs. |
List Advanced Settings
Setting: Item-level Permissions
In order to restrict the access to list items Item-level Permissions can be
defined. If the property Read items that were created by the user is checked,
the traversed list documents can only be read by the author and the site
collection admins. Cancel Checkout permissions are not supported by the
connector.
Principal Traversal
The ACL for documents extracted from Microsoft SharePoint Online contain the following types of principals:
| Type | Example | Description |
|---|---|---|
Site collection group |
Connector defined reference to a SharePoint Online site collection specific group. |
|
Entra ID group |
1b6943f1-5983-45a5-a259-3a553de4c79f |
The object ID of an Entra ID group. |
Entra ID user |
The user principal name of an Entra ID user. |
|
Everyone, except external |
spo-grid-all-users |
Microsoft SharePoint Online specific role, which includes all active and
|
Everyone |
all |
Role which includes all Entra ID users. |
The principal synchronization performs following tasks:
-
Resolution: Site collection groups (memberships)
-
Resolution: Entra ID groups (member- & ownerships)
-
Resolution: Roles (memberships)
-
Streamlining: Adds additional principals, so the Entra ID synchronization can be shared between connectors of different source systems.
Optimization: Principal Traversal
In case multiple Entra ID based connectors should be run in parallel, the Entra ID synchronization tasks would be run multiple times. This can be prevented by setting up one connector to perform the complete Entra ID synchronization and all other connectors to focus only on the source system specific principals.
If the Microsoft SharePoint Online connector should perform the full Entra ID
synchronization, the principal synchronization algorithm
Full SharePoint Online and all Azure AD groups and users can be configured.
Otherwise, only Microsoft SharePoint Online specific principals can be resolved via
the algorithm Only SharePoint Online groups.
ServiceNow AI Search
Items not found in AI Search Service Portal
The history table does not indicate any failures and connector processed the expected number of items into AI Search index. In the Service Portal Search, the items cannot be found.
|
Check under 
In the example above, the search source |
|
Verify that the connector completed at least a single principal traversal. Starting from Quebec, all items processed by the connector are protected with Access Control List.
The Access Control List assigned to items can be only resolved if principal information from the source system has been synchronized to AI Search.
In order to verify that the expected principal relations have been synchronized, login to ServiceNow with the role 
In case you are missing an user record in the table or expecting the internal and external user mapping to be different, revisit your Aliaser Configuration in the Advanced Connector Configuration. |
