Documentation for Access Rights Manager

Required accounts and permissions for a SharePoint scan

A SharePoint scan requires two configured accounts:

Process Account

The "Process account" is used to execute the scan process on the selected collector. This account must have local administrative rights and interactive logon privileges on the collector.


Scan Account

The "scan account" is used for the actual scan.


SharePoint On-premises

This account must always be the same as the owner account registered for the site collection (= primary site collection administrator). The corresponding user account is defined when a site collection is created and can only be viewed or changed via SharePoint Central Administration.

In Central Administration, navigate to:

Application Management -> Site Collections -> Change site collection administrators -> Selection of the site collection -> Primary site collection administrator
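
One way to check the on-premises requirement across all site collections before a scan, as an added example that is not part of the Access Rights Manager documentation. It assumes it is run in the SharePoint Management Shell on a farm server by a farm administrator; the account name `CONTOSO\svc-arm-scan` is a hypothetical placeholder.

```powershell
# Added example: list every site collection whose primary site collection
# administrator (SPSite.Owner) differs from the intended scan account.
param(
    [string]$ScanAccount = 'CONTOSO\svc-arm-scan'   # hypothetical placeholder
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Claims-mode logins look like 'i:0#.w|DOMAIN\user'.
# Keep only the part after the last '|' so they compare with DOMAIN\user.
function Get-PlainLogin([string]$Login) {
    if ([string]::IsNullOrEmpty($Login)) { return '' }
    return ($Login -split '\|')[-1]
}

Start-SPAssignment -Global          # ensures SPSite objects are disposed
try {
    $report = foreach ($site in Get-SPSite -Limit All) {
        $owner = Get-PlainLogin $site.Owner.UserLogin
        [pscustomobject]@{
            Url          = $site.Url
            PrimaryAdmin = $owner
            Matches      = ($owner -ieq $ScanAccount)   # case-insensitive
        }
    }
}
finally {
    Stop-SPAssignment -Global
}

# Mismatches sort first (False before True).
$report | Sort-Object Matches, Url | Format-Table -AutoSize

$mismatch = @($report | Where-Object { -not $_.Matches })
if ($mismatch.Count -gt 0) {
    Write-Warning ("{0} site collection(s) have a primary administrator other than {1}." -f $mismatch.Count, $ScanAccount)
}
```

Site collections reported with `Matches = False` do not meet the requirement that the scan account is the primary site collection administrator.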


SharePoint Online

The scan account requires Site admin permissions.

Screenshots property of © 2020 Microsoft.

You can set the permissions in the SharePoint Online admin center.