Documentation forAccess Rights Manager

Required accounts and permissions for a SharePoint scan

For a SharePoint scan, two accounts are to be configured:

Process Account

The "Process account" is used to execute the scan process on the selected collector. This account must have local administrative rights and interactive logon privileges on the collector.

Scan Account

The "scan account" is used for the actual scan. This account must always be the same as the owner account registered for the site collection (= primary site collection administrator). The corresponding user account is defined when a site collection is created and can only be viewed or changed via the SharePoint central administration.

Navigate in the Central Administration to:

application management -> site collections -> Change site collection administrators -> Selection of the site collection -> Primary site collection administrator


Identify the primary site collection administrator in SharePoint Online

  1. Log into your Office 365 environment as an administrator.
  2. Go to the SharePoint Admin Center.
  3. Select the collection to be scanned (set the checkmark).
  4. Click Owner-> Manage Administrators.
  5. You will see the primary site collection administrator.

The placeholder "Company Administrator" stands for all global Office 365 administrators.