How Amazon Q Business connector crawls Microsoft OneDrive ACLs

Connectors support crawling ACL and identity information where applicable based on the data source. If you index documents without ACLs, all documents are considered public. Indexing documents with ACLs ensures data security.

Amazon Q Business supports crawling ACLs for document security by default.

When you connect an Microsoft OneDrive data source to Amazon Q Business, Amazon Q Business crawls ACL information attached to a document (user and group information) from your Microsoft OneDrive instance. If you choose to activate ACL crawling, the information can be used to filter chat responses to your end user's document access level.

A Microsoft OneDrive data source returns section and page information from OneDrive access control list (ACL) entities. Amazon Q uses the OneDrive tenant domain to connect to the OneDrive instance and can filter based on section name, page type, file name, file type and file contents.

For standard objects, the _user_id and _group_id are used as follows:

_user_id – Your Microsoft OneDrive user email ID is mapped to the _user_id field.
_group_id – Your Microsoft OneDrive group email is mapped to the _group_id field.

Note

Query responses based on AD Group ACLs are not supported for Microsoft OneDrive.

For more information, see:

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using the API

Field mappings