System Requirements
-
AdoptOpenJDK 8 or higher
-
Windows or Linux Server
-
.NET 4 (Connector as Service on Windows Server)
-
PostgreSQL 14.4 or higher for productive environment
-
At least 8 GB dedicated RAM
-
At least 20 GB free disk space
SMB File Share Access
The SMB File Share Connector can use a technical user account to access the data and its security attributes on the File Share(s) to be crawled. While it is simple to use the Administrator account for crawling, configuring a technical user account that is set up for, and used exclusively by the connector is possible. However, such a technical user still requires a high level of privilege:
-
the "Manage auditing and security log" policy(SeSecurityPolicy),in order to be able to extract security details for building ACLs,
-
read and traversal rights across the configured File Shares and start folders, including reading of attributes, extended attributes and permissions,
-
formally, although the operation itself is never exercised, the right to theoretically change permissions.
Q: Why does the technical user require the "Change permissions" permission? Does the connector ever change any permission entries when crawling?
A: No, the connector does not ever change any permission entries when crawling. The permission is required for technical reasons: The connector, when opening files for crawling, requests two specific SMB access rights, ACCESS_READ for actually reading the files’ content, and ACCESS_SYSTEM_SECURITY for extracting the security information that is relevant for building the correct ACLs. Since ACCESS_SYSTEM_SECURITY unfortunately requires the request or to have been granted both “Read permissions” and “Change permissions” permissions, granting only the former will not be enough for a successful crawl.