How Amazon Q Business connector crawls SharePoint Server 2019 ACLs

When you connect an SharePoint Server 2019 data source to Amazon Q Business, Amazon Q Business crawls ACL information attached to a document (user and group information) from your SharePoint Server 2019 instance. If you choose to activate ACL crawling, the information can be used to filter chat responses to your end user's document access level.

To filter using a username, use the User principal name from your Azure portal. For example, johnstiles@kendra.onmicrosoft.com.

When you use a SharePoint group for user context filtering, calculate the group ID as follows:

For local groups

Get the site name. For example, https://host.onmicrosoft.com/sites/siteName.
Take the SHA256 hash of the site name. For example, 430a6b90503eef95c89295c8999c7981.
Create the group ID by concatenating the SHA256 hash with a vertical bar ( | ) and the group name. For example, if the group name is "local group name", the group ID is the following:

"430a6b90503eef95c89295c8999c7981 | localGroupName" (with a space before and after the vertical bar).

For more information, see:

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using the API

Field mappings