web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / Can Restricted SharePo...
Copilot Studio
Suggested Answer

Can Restricted SharePoint Knowledge Be Queried Through a Copilot Agent Using a Service Account?

(1) ShareShare
ReportReport
Posted on by YJ-02010636-0 9
Is it possible to add a SharePoint knowledge base that has restricted access, yet still allow users of the Copilot agent to query and retrieve results from that SharePoint content — potentially by using a service account?
 
Currently, users who don’t have permission to the SharePoint site receive this error when the agent tries to retrieve information:

 
We understand that granting read access to all users would resolve the issue. However, we want to avoid giving broad read permissions across the company or manually sharing access with large groups of people, as this is not scalable or manageable.
Categories:
Building Copilot Studio chatbots in Microsoft Teams
I have the same question (0)
  • Suggested answer
    Liam O Grady Profile Picture
    Liam O Grady 28 on at
    No, Copilot Studio can’t use a service account to bypass SharePoint permissions when you are using it as a "knowledge source".
    If a user doesn’t have read access to the SharePoint site or library, the agent won’t return content from it. That’s expected and by design.
     
    However, there are workarounds.
     
    1. Use a Power Automate sync
    Rather than querying SharePoint at runtime, you can use a Power Automate flow (running as a service account) to sync the restricted library into the agent’s knowledge. Once synced, the content behaves the same as if you’d uploaded the files directly to Copilot Studio.
     
    This means:
    - No need to grant broad SharePoint read access
    - No per-user permission checks at runtime
    - Fully manageable and scalable
     
    This pattern is actually built into the Copilot Studio Kit (if you haven't heard of it google it), so you don’t have to build it from scratch yourself.
     
    2. Use Azure AI Search
    If you need a more advanced solution for large volumes of documents, metadata filtering, or more control over ingestion), you can index the SharePoint content into Azure Al Search using a service account. Copilot Studio can then query the search index instead of SharePoint directly.
     
    This can be more expensive to run and operate, but typically gives better retrieval quality and more control compared to native knowledge sources.
     
    Hope that helps 👍
  • YJ-02010636-0 Profile Picture
    YJ-02010636-0 9 on at
    Hi Michael
     

    Thanks so much for the suggestion! I explored using Power Automate for this, but the challenge is that the available SharePoint connectors aren’t able to read or index the content in my SharePoint Knowledge Base with the same depth or quality as the “Add knowledge” ingestion pipeline in Copilot Studio.

     

    While the SharePoint actions in Power Automate (like Get file, Get items, or HTTP request) can retrieve raw files or list data, they don’t provide the semantic processing that the Knowledge feature performs automatically—things like intelligent parsing, chunking, and embedding the content for high‑quality retrieval. Because of that, the search accuracy and user experience from a flow can’t really match how the Knowledge connector understands and answers questions.

     

    So even though a service‑account connection could work for basic retrieval, it doesn’t give the same results as the built‑in Knowledge ingestion, which is why the permissions limitation is still the main blocker in this scenario.

  • Michael E. Gernaey Profile Picture
    Michael E. Gernaey 53,719 Super User 2025 Season 2 on at
     
    Logistically yes, if you built the flow and set it so the connection to SharePoint is specifically using that account for all access. Make sure to share the connection, make sure to set the flow you are using to access SharePoint, to use the "users" connection versus the user who is logged in.
     

    If these suggestions help resolve your issue, Please consider Marking the answer as such and also maybe a like.

    Thank you!
    Sincerely, Michael Gernaey

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the December Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 430

#2
chiaraalina Profile Picture

chiaraalina 130

#3
S-Venkadesh Profile Picture

S-Venkadesh 68 Moderator

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ❤️ MCP" lab
Block PII/PCI in Copilot Studio agent user prompt
Welcome to the Copilot Studio forum!

Product updates

Microsoft Power Platform Community release plans