# Access Controls with the SharePoint Connector

## Overview

SharePoint lets you control access to articles based on a user's profile attributes, such as location or group membership, by defining metadata on the articles. The Aisera Platform can ingest User Profiles and article metadata to enforce these restrictions. User Profile information offers a comprehensive set of details, delivering more than basic User information.

The Aisera Platform stores the site group information in custom fields, providing a view of user affiliations. When a user makes a request to an Aisera application, all relevant articles are gathered. The user's profile affiliations are then checked against each article's metadata to determine whether the user is allowed to view the article. If a user doesn't meet the criteria, their access to the article is restricted. Only articles that the user has permission to view are made available to them.

## Prepare

### Authorization

Ensure that you have provided the necessary credentials for User Profile ingestion. The steps for providing these credentials can be found under [Authorization](https://docs.aisera.com/aisera-platform/adding-data-to-your-tenant/integrations-and-data-sources/connectors/sharepoint-connector/..#basic-authorization-through-azure-portal) in the Prepare step of the SharePoint Connector.

### Enable access to the SharePoint REST APIs

To enable access controls with the SharePoint connector, the Aisera Platform must make use of the SharePoint REST APIs. [Instructions on enabling access to these APIs](https://docs.aisera.com/aisera-platform/adding-data-to-your-tenant/integrations-and-data-sources/connectors/sharepoint-connector/..#enabling-the-sharepoint-rest-apis) are located in the **Prepare** section of the **SharePoint Connector** document.

## Ingest User Profiles from SharePoint

User Profile information will need to be ingested into the Aisera Platform and combined with existing User information. To do this, you will create a new data source similar to the steps outlined in the [SharePoint Connector](https://docs.aisera.com/aisera-platform/adding-data-to-your-tenant/integrations-and-data-sources/connectors/sharepoint-connector/..#data-source-setup) document.

### Data Source Creation

To create the Data Source for User Profiles ingestion:

1. In the Aisera Admin UI navigate to **Settings > Data Sources**
2. Click **+ New Data Source** in the upper right corner
3. Select **SharePoint** and click **Next**
4. Choose the **Integration** with the credentials and appropriate authorization as detailed above
5. Select **User Profiles Learning** for the function field<br>

   <div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FEqWDn7t23mY07LhwRZWj%2Fimage.png?alt=media&#x26;token=c86eb652-0be3-41ee-a2ad-d69f78d4195f" alt=""><figcaption><p>SharePoint Data Source User Profiles Learning function</p></figcaption></figure></div>
6. Fill in the remaining general configurations and click **Next**
7. Define the **Site** if you are not using the default site
8. Check the **On Prem** checkbox
9. Check the **Bypass Test Connection** checkbox<br>

   <div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2Fg4lTjbp819SppkHftOOy%2Fimage.png?alt=media&#x26;token=487225d5-d1a1-420b-91af-eda6370e025b" alt="" width="313"><figcaption><p>SharePoint Data Source configurations</p></figcaption></figure></div>
10. Select **Next** until the window closes to save the data source configurations

### Data Source Field Configuration

Additional fields will need to be added to the Data Source. These fields are used to ensure the User Profile information is merged with existing User data, and to check if a user has access to an article. For information on adding additional fields, see the document on [Data Ingestion](https://docs.aisera.com/aisera-platform/data-ingestion#field-mapping).

Add a **New Field Mapping** named `MessageType` and provide it with the fixed value of `MERGE_USER_INFO`

Add a **New Custom Field** named `siteGroups` and add the SharePoint field value `siteGroupsArray[*]`

Add a **New Custom Field** named `azureId` and provide it with the SharePoint value `Id`<br>

<figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FeqjbsWYHrH3St9fLt54k%2Fimage.png?alt=media&#x26;token=78b42d7b-971a-4719-b76d-d0bc91155623" alt=""><figcaption><p>SharePoint Data Source field mappings</p></figcaption></figure>
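
The following added example (not Aisera's code) applies the three field mappings above to constructed profile records, merges them into existing users by `azureId`, and then filters articles by site group as described in the Overview. The record shapes, the `allowedGroups` metadata key, the "any shared group" matching rule and the fail-closed behaviour are assumptions made for illustration.

```python
# Added illustration, not Aisera's implementation; record shapes are assumed.
# Field mappings from this page: target field -> SharePoint source expression.
FIELD_MAP = {"siteGroups": "siteGroupsArray[*]", "azureId": "Id"}
FIXED = {"MessageType": "MERGE_USER_INFO"}

def extract(record, expr):
    """Resolve 'Name' or 'Name[*]' against a flat profile record."""
    if expr.endswith("[*]"):
        value = record.get(expr[:-3])
        return list(value) if isinstance(value, list) else []
    return record.get(expr)

def map_profile(record):
    """Apply the page's field mappings to one SharePoint profile record."""
    msg = {target: extract(record, src) for target, src in FIELD_MAP.items()}
    msg.update(FIXED)
    return msg

def merge_user(users, msg):
    """Merge a MERGE_USER_INFO message into the user keyed by azureId."""
    user = users.get(msg.get("azureId"))
    if msg.get("MessageType") != "MERGE_USER_INFO" or user is None:
        return False  # wrong message type or unknown id: nothing merged
    user["siteGroups"] = sorted(set(msg["siteGroups"]))
    return True

def visible_articles(user, articles):
    """Keep articles sharing a group with the user (assumed matching rule).
    Fails closed: no ingested groups or no article group metadata, no match."""
    groups = set(user.get("siteGroups") or [])
    return [a["id"] for a in articles
            if groups & set(a.get("allowedGroups") or [])]

# Constructed sample data; "allowedGroups" is a hypothetical metadata key.
USERS = {"u-1": {"email": "ana@example.com"}, "u-2": {"email": "bo@example.com"}}
PROFILES = [{"Id": "u-1", "siteGroupsArray": ["HR Members", "All Staff"]},
            {"Id": "u-9", "siteGroupsArray": ["Finance Owners"]}]
ARTICLES = [{"id": "kb-1", "allowedGroups": ["HR Members"]},
            {"id": "kb-2", "allowedGroups": ["Finance Owners"]},
            {"id": "kb-3"}]
MERGED = [merge_user(USERS, map_profile(p)) for p in PROFILES]

if __name__ == "__main__":
    for uid, user in USERS.items():
        print(uid, visible_articles(user, ARTICLES))
```

In this sample, the profile with `Id` `u-9` matches no existing user and is not merged, and user `u-2` has no ingested groups and so sees no articles; both are worth checking for after the first ingestion run.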

## Enable Access Controls

To enable Access Controls:

1. In the Admin UI navigate to **Settings > Access Controls** in the left navigation panel
2. On the right side of the row for the **siteGroups** access attribute, click the **Pencil** icon to open the **Edit Access Attribute** modal
3. Check the **Enable** checkbox<br>

   <div align="left"><figure><img src="https://3281977978-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvBFXjH9S1CAy9f5hzg5Q%2Fuploads%2FZ88ZPyQVtnMx6ozxUmXf%2Fimage.png?alt=media&#x26;token=b3b936c2-2e72-4ce2-9c69-21dd6d1e5894" alt=""><figcaption><p>Enabling the Access Attribute</p></figcaption></figure></div>
4. Select **OK** to save the changes
